Jump to content
Welcome to InsanelyMac Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll be able to customize your profile, receive reputation points as a reward for submitting content, while also communicating with other members via your own private inbox, plus much more! This message will be removed once you have signed in.

  • Announcements

    • Allan

      Forum Rules   04/13/2018

      Hello folks! As some things are being fixed, we'll keep you updated. Per hour the Forum Rules don't have a dedicated "Tab", so here is the place that we have our Rules back. New Users Lounge > [READ] - InsanelyMac Forum Rules - The InsanelyMac Staff Team. 
vit9696

FileVault 2

317 posts in this topic

Recommended Posts

Alright, after a couple of weeks of hard work performed by: ath, Download-Fritz, slice and myself FileVault 2 should work everywhere now. Additionally thanks to iNDi for help and initial discovery of certain FV aspects.

 

This means that everybody gets some pros for this but mainly Clover.

Everything works in test mode for the time being, so you better wreck your disk drives and tell us how much fun it was :)

Clover:
In brief you are required to install a set of drivers present at least in r3876. There are two driver categories, and each one will be addressed separately.

  • UI drawing. The following is mandatory:
    • FirmwareVolume.efi — or you will get a cursor creation error;
    • AppleImageCodec-64.efi — or you will get image decoding failures;
    • AppleEvent.efi — or you will get AppleEvent installation failures (r3877+ Clover built-in).
    Then you are recommended (read as blame yourself if not) to install:
    • AppleUITheme-64.efi — fixes grey login screen background on 10.10+;
    • HashServiceFix-64.efi — will fix HDPI cursor in newer OS;
    • SMCHelper.efi — silences most of the SMC errors;
    • AppleGraphicsConfig-64.efi, OSInfo-64.efi — respond to a few requested protocols (r3877+ Clover built-in).
  • Password input. To do that you need a keyboard driver, which knows about Apple key aggregation protocol, and the protocol itself.

    For key aggregation you may use Clover's AppleKeyAggregator.efi, it works more or less. If you have issues it might be better to use the original AppleKeyMapAggregator from Apple firmware.

    There are two input drivers for the time being:
    • Modified UsbKbDxe, a slightly altered version is present in Clover.
      Pros:
      — works with any USB keyboard in any BIOS;
      — offers completely functional Apple boot keys (CMD+V, 3+2, CMD+R, etc.);
      Cons:
      — might require a physical keyboard reconnect after driver load with AMI UEFI BIOS;
      — might lead to a complete freeze of the system with AMI UEFI BIOS.

      Recommendations:
      It is recommended to use this driver from BIOS or via legacy clover boot. In this case you will have no issues with keyboard connection. To solve freezing issues you will need to rebuild UsbKbDxe with a forced controller disconnect at EXIT BS.
      In case of Clover use:
      ./ebuild.sh -D EXIT_USBKB=1
      In case of the original driver see these PCDs. Both should be set to TRUE.
      In case of Clover FixOwnership might help you, but I would not recommend this.
    • AptioInputFix — my driver specific to AMI UEFI BIOS. Still in process of a rewrite and release. Download the testing binary version (updated Feb, 2nd).
      Pros:
      — works without keyboard reconnect or driver flash with USB and PS/2 keyboards in AMI UEFI BIOS;
      — fixes not working mouse input on Z87 and possibly newer;
      Cons:
      — some multisymbol hotkeys will not work (e.g. 3+2, 6+4);
      — key autorepeat might cause issues on some systems;
      — mouse might work a bit slowly on some systems (better than nothing).

      Recommendations:
      A lightweight solution that will mostly work well for some people. If it works for you and you have no desire to flash your BIOS, perhaps it is a good idea.
    Troubleshooting:
    • Hibernation is a no go for those having no hardware nvram and no StrictHibernate in clover config
      No solutions for the time being and no solutions planned.
    • Every reboot requests a password input
      No solutions for the time being and no solutions planned. Without a hardware SMC module it is extremely dangerous.
    • Shutdown button on login screen may cause a restart
      No solutions for the time being.
    • Password change/reset during the volume encryption might cause issues when logging in
      Apple issue. Please refrain from changing or resetting the password before the encryption completes. In cases this is required use your generated recovery key to login into the system.
    • Most of PS/2 keyboard users will not be able to enter the passwords
      No general solutions (aside AptioInputFix).
    Ozmosis:
    For Ozmosis users only 4 drivers might be of some interest:
    — AppleUITheme should fix the grey login screen background;
    — AptioInputFix could be useful if you load Ozmosis from HDD/USB Flash;
    — HashServiceFix and FirmwareVolume could help to fix the HDPI cursor.

Share this post


Link to post
Share on other sites

:thumbsup_anim:  Great work everyone, many thanks I am excited to try it  :thumbsup_anim:

 

Can I please ask at what point of reboot is the password requested as I generally skip the Clover GUI (Login = 0 in Config.plist), would this be a problem?

 

I also use the Apple bluetooth Keyboard, Mouse and Trackpad which work fine both in the BIOS and Clover GUI as they connect with the Apple Broadcom Bluetooth would they be compatible?

Share this post


Link to post
Share on other sites

The pw is requested by boot.efi, clover ui has nothing to do with it. You should choose the right boot entry at least once though.

(Boot macOS from Recovery HD)

 

As for your input devices that needs testing. I would say that they should work almost certainly though.

Share this post


Link to post
Share on other sites

Thanks vit9696, it has been a while since FileVault was first tested with Clover (Back on ProjectOSX and it didn't work) so I will have to familiarise myself with the process again at the weekend when I get home.

Share this post


Link to post
Share on other sites

Thanks vit9696, it has been a while since FileVault was first tested with Clover (Back on ProjectOSX and it didn't work) so I will have to familiarise myself with the process again at the weekend when I get home.

Yes, it never worked before.

Share this post


Link to post
Share on other sites

If anyone can spare the time would you be able to document the process of enabling it please (Nothing too fancy obviously) for example which of the options did you choose etc?

Share this post


Link to post
Share on other sites

I just tested it. It works as described.

You should choose recovery HD on that drive to be able to boot, which make sense if you think how file vault works.

One minor issue is, I had to replug my usb keyboard to be able to type my password, even though I've booted via legacy clover, as described in recommendation. I'll try the AppleKeyAggregator from Apple Firmware, just for test (I mean who would use closed source programs and want to encrypt the drive with it or better decrypt with that?!).

 

Everything else is perfect. Thanks again to all who contributed...

 

Edit: I've tried the original AppleKeyMapAggregator from Apple firmware, even the AptioInputFix. Nothing changed though, I still have to replug my keyboard :(

 

Edit2: Just had the idea, locking from find my mac should theoretically work, right?

Share this post


Link to post
Share on other sites

with legacy Clover, remove the EDK2 UsbKbDxe driver and use mine... also best to use Apple's AppleKeyMapAggregator.

Do not use AmiShim.

Is there a guide to build your UsbKbDxe?

Share this post


Link to post
Share on other sites

I'm using Intel+AMD (black screen during boot) solution for a working sleep. When I enable FV2 Will I have black screen while typing password ?

Share this post


Link to post
Share on other sites

I'm using Intel+AMD (black screen during boot) solution for a working sleep. When I enable FV2 Will I have black screen while typing password ?

Yes, you will have black screen while typing password.

Moreover, there can be one caveat. I initially have two users on the screen and I have to choose one of them by mouse and only then type password.

But you can't use mouse on black screen.

I also using Intel+AMD for working sleep. And I have a monitor with two entry. First entry for Intel, second for AMD with a simple switch between two screens.

Share this post


Link to post
Share on other sites

Does Clover now install all the files required in Drivers64UEFI meaning I just have to enable FileVault via System Preferences > Security and Privacy and reboot letting Clover do it's thing?

 

Files currently in Drivers64UEFI:

post-499606-0-83368100-1477804460.png

Share this post


Link to post
Share on other sites

Does Clover now install all the files required in Drivers64UEFI meaning I just have to enable FileVault via System Preferences > Security and Privacy and reboot letting Clover do it's thing?

 

Files currently in Drivers64UEFI:

attachicon.gifScreen Shot 2016-10-30 at 05.19.07.png

No, UsbKbDxe or other special keyboard driver needed.

FV2 uses own keyboard interface and can't use UEFI BIOS keyboard driver.

Share this post


Link to post
Share on other sites

Good morning Slice and thanks, I added this one...

 

post-499606-0-90159300-1477805476.png

 

 

If I have a password enabled when logging into Sierra, will I get two password prompts when FileVault is enabled?

Share this post


Link to post
Share on other sites

Ok, that didn't go so well. I can't get past the Recovery screen now having let FileVault reboot the computer.

 

How do I access the Clover GUI if timeout is set to 0 please?

Share this post


Link to post
Share on other sites

How does it work with Bluetooth keyboards (for example Apple Magic Keyboard)?

 

You have to have AptioInputFix.efi present for Apple Bluetooth Keyboards to work, I just tested this (Not tested the alternative keyboard driver).

 

Once FV2 is enabled do you have to always boot from the "Boot macOS from Recovery HD" option that appears in the Clover menu?

Share this post


Link to post
Share on other sites

Once FV2 is enabled do you have to always boot from the "Boot macOS from Recovery HD" option that appears in the Clover menu?

 

Yes.

 

EDIT: Do I see it wrong or is UsbKbDxe placed in drivers64 for legacy boot? What sense does that make? Just replace the TianoCore one in the DUET image, that will solve the issue of having to reconnect the keyboard on every boot...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.



×