Jump to content
vit9696

FileVault 2

358 posts in this topic

Recommended Posts

Since rev 3905 hibernation works on FileVault2 volume. In this case password is not asked.

Explanations followed.

Wow. So you implemented authenticated restart option for filevault, hence it is not supported by all real macs. Nice work.

Share this post


Link to post
Share on other sites
Advertisement

Wow. So you implemented authenticated restart option for filevault, hence it is not supported by all real macs. Nice work.

Because I never hear it is not working on real Mac.

Some tests and dumps show me the way.

What is "authenticated restart option"?

Share this post


Link to post
Share on other sites

'fdesetup authrestart' stores the FV2 unlock key in mem and on supported machines in the SMC. That happens if u upgrade OS X on a FV2 Volume on reboot. No need to enter the passwd on the FV2 uefi unlock screen.

This...

Share this post


Link to post
Share on other sites

Clover3905 ,OS X_10.11.6  - hibernation works on FV2 volume.

Hibernatemode  25.

0:100  0:000  Now is 5.11.2016,  3:49:0 (GMT)
0:100  0:000  Starting Clover revision: 3905 on American Megatrends EFI
0:100  0:000  Build with: [Args: -mc --no-lto -D NO_GRUB_DRIVERS_EMBEDDED -D ENABLE_VBIOS_PATCH_CLOVEREFI -D CHECK_FLAGS -D EXIT_USBKB=1 | -D DISABLE_LTO -D NO_GRUB_DRIVERS_EMBEDDED -D ENABLE_VBIOS_PATCH_CLOVEREFI -D CHECK_FLAGS -D EXIT_USBKB=1 -D USE_BIOS_BLOCKIO -D USE_LOW_EBDA -a X64 -b RELEASE -t XCODE5 -n 9 | OS: 10.11.6 | XCODE: 7.3.1]
0:100  0:000  SelfDevicePath=PciRoot(0x0)\Pci(0x1F,0x2)\Sata(0x4,0xFFFF,0x0)\HD(1,GPT,034095C8-5F4A-4281-85FC-A7A50EF5597F,0x28,0x64000) @DB849C98
........
.......

1:011  0:003  === [ ScanLoader ] ========================================
1:011  0:000  - [02]: 'EFI'
1:011  0:000  - [04]: 'Recovery HD'
1:049  0:038          AddLoaderEntry for Volume Name=Recovery HD
1:059  0:010      Check if volume Is Hibernated:
1:059  0:000      UEFI with NVRAM: yes
1:059  0:000      Boot0082 points to Volume with UUID:508FC8D5-01AB-48BF-9DDD-7123973B92D9
1:059  0:000      boot-image before: PciRoot(0x0)\Pci(0x1F,0x2)\Sata(0x4,0x0,0x0)\5f5ed3000:FACFF350-751C-46A2-86A6-543391FAFD26
1:059  0:000  02 01 0C 00 D0 41 03 0A 00 00 00 00 01 01 06 00 | .....A..........
1:059  0:000  02 1F 03 12 0A 00 04 00 FF FF 00 00 04 04 62 00 | ..............b.
1:059  0:000  35 00 66 00 35 00 65 00 64 00 33 00 30 00 30 00 | 5.f.5.e.d.3.0.0.
1:059  0:000  30 00 3A 00 35 00 30 00 46 00 33 00 43 00 46 00 | 0.:.5.0.F.3.C.F.
1:059  0:000  46 00 41 00 2D 00 31 00 43 00 37 00 35 00 2D 00 | F.A.-.1.C.7.5.-.
1:059  0:000  41 00 32 00 34 00 36 00 2D 00 38 00 36 00 41 00 | A.2.4.6.-.8.6.A.
1:059  0:000  36 00 2D 00 35 00 34 00 33 00 33 00 39 00 31 00 | 6.-.5.4.3.3.9.1.
1:059  0:000  46 00 41 00 46 00 44 00 32 00 36 00 00 00 7F FF | F.A.F.D.2.6.....
1:059  0:000  04 00                                           | ..
1:059  0:000      boot-image after: PciRoot(0x0)\Pci(0x1F,0x2)\Sata(0x4,0xFFFF,0x0)\5f5ed3000:50F3CFFA-1C75-A246-86A6-543391FAFD26
1:062  0:002    =>set entry as hibernated
1:109  0:047          [!] Icon 17 (icons\vol_internal_hfs.icns) not found (path: EFI\CLOVER\themes\BGM)
1:111  0:002          AddLoaderEntry for Volume Name=Recovery HD

 

 

post-617057-0-78301700-1478351671_thumb.jpg

 

 

Share this post


Link to post
Share on other sites

 

  • Troubleshooting:
    • Hibernation is a no go for those having no hardware nvram and no StrictHibernate in clover config

      No solutions for the time being and no solutions planned

I need some clarification here. As hardware NVRAM is broken in Skylake machines, does that mean that hibernation will be impossible with a Skylake configuration, even if one does not use FileVault ?

Share this post


Link to post
Share on other sites

You may not use StrictHibernate that requires hardware nvram. In this case it will be old legacy way to hibernate and it was working in mode 29 previously. Not sure if it is still possible in Sierra.

What to do? Be developer and invent your way.

As well someone should make hardware nvram working on a Skylake system.

Share this post


Link to post
Share on other sites

Using an ASUS Maximus Impact VII (AMI UEFI BIOS) here, firmware revision 3003. I've got one Apple USB keyboard connected to a DELL screen which acts as USB 3.0 hub. The system is set to boot using native UEFI with Clover 3922. macOS 10.12.1.

 

FileVault 2 itself is working flawlessly, but the login screen has issues.

 

With UsbKbDxe, login is possible with a password with mixed upper- and lower-case characters and special characters (German/QWERTZ keymap). Issues are that 1) the keyboard must be plugged in during login and 2) the system freezes during startup very often (like described by vit9696 in first post).

 

With vit9696's AptioInputFix driver, the keyboard kind of works (repeated keys are lost, cmd+a etc don't work), but every password I enter is considered to be incorrect. I've tried changing the password to an all lower-case one without potentially remapped characters (such as z and y). No luck with the simple password. Logging in using the recovery key works with AptioInputFix - odd!

 

@vit9696, would you consider publishing your driver's source code (on GitHub, for proper attribution), or do you at least have a hint on why no password is accepted? I would like to investigate the issue further.

 

Share this post


Link to post
Share on other sites

Hi xver,

 

Regarding cmd+a it should work, except the key mapping is set to my preference, i. e. left to right: ctrl, alt, cmd.

 

Regarding sources… they are in progress of being published. Ask Download-Fritz about the time he completes the review and refactoring process. He is quite busy these days as far as I know, and he also is very peculiar with code style and edk2 structure I am not familiar with xd. If you need them for your the investigation I could send them in private of course.

 

Regarding missed keys. Your asus motherboard appears to have Aptio 4. I did hear of similar issues, and they were caused by two different issues:

1. USB initialisation preference in BIOS must be set to at least partial initialisation, otherwise there are random key misses until a replug.

2. Mouse hooking. It is enabled at least for Haswell and is not for Ivy and lower as well as for Broadwell/Skylake and newer.

I am not sure whether Z97 needs it, the fix was originally necessary only for motherboards with broken SimpleInput protocol implementation, i.e. Z87.

It is very easy to check by removing AptionInputFix and checking whether the mouse works fine in boot.efi.

Another option is to try the attached driver that has it off, this way you could also confirm that your issue is caused by mouse hooking.

Share this post


Link to post
Share on other sites

Hello vit9696,

 

USB initialization is set to partial; this is the firmware's default.

 

The mouse works smoothly in the Clover boot entry selection screen, with and without your driver loaded.

 

On the FileVault login screen, the mouse stutters, but the effect is also the same with and without your driver. The mouse is attached via a Logitech Wireless Receiver, also connected via USB 3.

 

The confusion regarding Cmd+A and similar shortcuts seems to come from my keyboard layout: On the Apple USB keyboard, the functionality is available under Alt+A. With UsbKbDxe, the mapping is correct (Cmd+A).

 

Unfortunately I don't see a driver attached to your post! But I guess that, considering the mouse behaves the same with and without your driver, mouse hooking is unlikely to be at fault.

 

On to the main issue: Login via password work now!  :) The issue was a combination of multiple factors:

 

1. During first login, my password was not accepted due to missing/skipped keys

2. I then logged in using the recovery key and set a new password

3. The new password was never synced to FileVault (Apple bug?)

4. Further login attempts with the new, simple password always failed, thus my forum post / bug report

 

The solution was to 1) change my password and run `sudo fdesetup sync`, and 2) Release the shift key at a certain position while typing to prevent the skipped keys from getting me.

 

Regarding my request for source code: Login works, with workarounds (missed keys). The mouse lags and Cmd+A is not mapped correctly for my keyboard layout... but that's stuff I can live with. Thus, since this is no longer a pressing issue, I'll be waiting for the official release. Thank you for your response and the kind offer to send in private though!

Share this post


Link to post
Share on other sites

I've compared the original to the NoPointer variant from your previous post and found no difference, unfortunately. The symptoms are, in detail:

 

* Keys are missed if they follow each other or are repeated very quickly

* The mouse lags/skips (regardless of your driver being used)

* Cmd/Alt are swapped (Apple USB keyboard)

* When entering capital letters, the last letter only appears after releasing the shift key, not after releasing the letter key

Share this post


Link to post
Share on other sites

On my Z77X-UD5H I can use UsbKb.efi (from AppleModulePkg) without having to replug if I enable UEFI Fast Boot with partial USB initialization.

 

I would use CupertinoModulePkg/UsbKbDxe, AppleModulePkg/UsbKb is meant as reference code.

Also, did you flash it or load via bcfg?

Share this post


Link to post
Share on other sites

I would use CupertinoModulePkg/UsbKbDxe, AppleModulePkg/UsbKb is meant as reference code.

Also, did you flash it or load via bcfg?

Loaded via bcfg. CupertinoModulePkg/UsbKbDxe also works fine, no issues with hotkeys/repeating/etc (which were buggy with AptioInputFix).

Share this post


Link to post
Share on other sites

Guys It seems like there is no way to get this to work with a ps2 keyboard which happens to be in quite a bit of notebooks around. I just wanted to ask if anyone of the smart people in here is able to fix this? Thank you very much for a reply.

Share this post


Link to post
Share on other sites

It gives me something negative with Ami Shim at the top left when Clover starts, but I also have a Insyde H2O Uefi if I understand this correctly Aptio only works with Ami Uefi?

 

Edit: Just tested it, it says Ami Shim installation failed 14.

Share this post


Link to post
Share on other sites

It gives me something negative with Ami Shim at the top left when Clover starts, but I also have a Insyde H2O Uefi if I understand this correctly Aptio only works with Ami Uefi?

 

Edit: Just tested it, it says Ami Shim installation failed 14.

 

Yes, AmiShim is to be used with AMI, hence the name.  :rolleyes:

For InsydeH2O, it's not widespread enough for most people to care about it... though I think somebody wanted to mod a PS/2 keyboard driver for Apple usage at some point.

Share this post


Link to post
Share on other sites

I upgraded to 10.12.2 without any issue. The only quirk I have is the resolution of the File Vault login is lower than the default. Is there a way to change this? The Clover screen shows the correct resolution of 2560x1440 which I have set in the config file.

Share this post


Link to post
Share on other sites

I got the keyboard working with your patches, thank you! I used the "original AppleKeyMapAggregator from Apple firmware" and "AptioInputFix".

 

After I type in the password and it takes me to the next boot screen, I get an error:

"CoreStorageFamily: fsck_cs has finished group "UUID here" with status 0x00

CoreStorageFamily::unlockVeks(UUID::here) VEK unwrap failed. this is normal, except for the root volume"

 

Any ideas or suggestions?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By KyleGP
      Hi all,

      I have 5 disks including four SSDS and a 4TB HDD configured in a CoreStorage (Fusion drive) volume.

      I have Filevault enabled also.

      When I turn on my hackintosh, I am presented with the Filevault screen to select my user, enter my password and continue to decrypt and boot macOS. This works around 80% of the time with no issues at all.

      Sometimes with seemingly no identifiable pattern, after I enter my password it just hangs on the Filevault screen with the loading bar and does not progress. There is no disk activity either. After a while of the hanging, it will just display the prohibitory sign against a black background.

      I have to force shut the hackintosh off with the power button and try to boot again. Usually after I do this, it will boot the second time.

      I'm currently running Sierra 10.12.6 but this has also happened when I tried 10.13 too.

      Clover is fully up to date as of today (r4380). 

      Does anyone know why this might occur?

      The only thing I have picked up on is the drives change disk identifiers and move themselves around (eg. /dev/disk1) during different boot ups so maybe it's getting confused when trying to decrypt and boot as a corestorage volume. I have no idea how to prevent this from happening either.

      Any help or suggestion would really be appreciated.

      My specs are:

      Motherboard: GA-Z97X-UD7 TH
      RAM: 16GB Corsair 1866MHZ Memory
      GFX: 2x Nvidia GTX 760
      CPU: Intel Core i7-4790K 4GHZ
    • By Hunk89
      Hey,
       
      i am a newbie here. I want to build a hackintosh soon and i would like to know if anyone has successfully implemented Filevault 2 with Clover yet?
       
      Can it be done?
      Thanks,
      Hunk
       
    • By Alien::X
      Is there Any Way to Get boot into FileVault and Recovery HD ?
       
       
      1st Ans. >>>>    As I know Recovery HD works After Rebuild Caches of that volume (Partition)
       
       
      2nd Ans. >>> ???(FileVault)
×