FileVault 2

[arsradu]

2nd stage is a different question, to get to it we needed to fix the 1st stage, which was also broken for many configurations.

We will likely release a fix for Intel with lvs1974 reasonably soon as a part of IntelGraphicsFixup project (at least it was prototyped and proven to be reasonably good).

There might be something for AMD (built into WhateverGreen), but there is only partial success with it at the moment…

As for NVIDIA it will need a completely different approach, and I am not positive I could build something decent for it.

 

 

I see... Well, in the meantime, I managed to build Clover latest revision and give it a try. I personally didn't have any issues before (or maybe I haven't noticed it...?). And...I don't have any issues now. At least regarding the first stage boot.

 

And, second stage is the same (black screen, no bg, no logo, no transparency).

 

Anyway, thank you very much for your efforts. I'm sure it's not easy.

[DADAAA]

Hi!

 

 

First of all: A big step in the right direction and many thanks for that!

 

I tried fv2 and clover on desktop. Works. Impressive!!

 

Now to the important part: Most people need security on mobile devices (no, not the phones u maybe thinking of). These have mostly ps2-keyboards/touchpads...

Please make this work!

 

Thanx! + See u @ 34C3!

 

 

Greets.

 

 

PS: I've read a little bit more. It seems the prob is to get the keyaggregator to work with ps2.

But, we have a working usb and ps2 support.

Why not "bridging" ps2 to usb?

I think that is easier to code than a completely new ps2 driver...

[Sazpaimon]

Hey guys, I tried encrypting my APFS partition, but upon booting into the prebooter with -v, I get the following:

/BuildRoot/Library/Caches/com.apple.xbs/Source/AppleKeyStore/AppleKeyStore-565.31.1/libeks.c: eks_get_file_vault_services: AKS EFI: Initializating Callbacks (local crypto RestartData Protocol found [rc=0])
/BuildRoot/Library/Caches/com.apple.xbs/Source/AppleKeyStore/AppleKeyStore-565.31.1/libeks.c: fv_get_stashed_kek: AKS EFI: Found Stashed KEK (len=0)
apfs_keybag_unlock_record_tag:1620: failed to unwrap volume key, err = 3758097090 (tag=2)
apfs_keybag_unlock_record:1698: failed to unwrap volume key, err = 5
apfs_efi_meta_crypto_state_unwrap:316: apfs_efi_meta_crypto_state_unwrap: apfs_keybag_unlock_record with stashed KEK failed
apfs_mount:17475: failed to unwrap meta crypto state

Any thoughts on how I possibly screwed up?

 

EDIT: I tried installing High Sierra to an HFS+ volume instead, and was also unable to boot. Starting the recovery entry in Clover just freezes after "Using reloc block:no, hibernate wake: no"

[jimmyco2008]

Hello,

 

So based on this thread, it looks like everything I need should be in the Clover package? I'm one of those with a USB keyboard and AMI BIOS. Last I read (on another thread) the driver for my situation was in beta, is this no longer the case?

 

Thank you!

[Slice]

Hello,

 

So based on this thread, it looks like everything I need should be in the Clover package? I'm one of those with a USB keyboard and AMI BIOS. Last I read (on another thread) the driver for my situation was in beta, is this no longer the case?

 

Thank you!

UsbKbDxe is final solution.

[Sazpaimon]

Hey guys, I tried encrypting my APFS partition, but upon booting into the prebooter with -v, I get the following:

/BuildRoot/Library/Caches/com.apple.xbs/Source/AppleKeyStore/AppleKeyStore-565.31.1/libeks.c: eks_get_file_vault_services: AKS EFI: Initializating Callbacks (local crypto RestartData Protocol found [rc=0])
/BuildRoot/Library/Caches/com.apple.xbs/Source/AppleKeyStore/AppleKeyStore-565.31.1/libeks.c: fv_get_stashed_kek: AKS EFI: Found Stashed KEK (len=0)
apfs_keybag_unlock_record_tag:1620: failed to unwrap volume key, err = 3758097090 (tag=2)
apfs_keybag_unlock_record:1698: failed to unwrap volume key, err = 5
apfs_efi_meta_crypto_state_unwrap:316: apfs_efi_meta_crypto_state_unwrap: apfs_keybag_unlock_record with stashed KEK failed
apfs_mount:17475: failed to unwrap meta crypto state

Any thoughts on how I possibly screwed up?

 

EDIT: I tried installing High Sierra to an HFS+ volume instead, and was also unable to boot. Starting the recovery entry in Clover just freezes after "Using reloc block:no, hibernate wake: no"

Any ideas here? I'm able to decrypt these volumes in recovery and on a bootable USB install so there isn't a problem with the volumes.

[adam_leve]

Hi, after successfully enabling Filevault2 in AFPS, I no longer can update System updates, I receive the updates, I download it and asks to restart but after rebooting my build number remains the same.

[Slice]

Hi, after successfully enabling Filevault2 in AFPS, I no longer can update System updates, I receive the updates, I download it and asks to restart but after rebooting my build number remains the same.

Show please preboot.log just after the restart.

[arsradu]

Hi, after successfully enabling Filevault2 in AFPS, I no longer can update System updates, I receive the updates, I download it and asks to restart but after rebooting my build number remains the same.

 

At a first glance, I would say the update is most likely not installed (that's why the build number stays the same).  And the problem is probably the partition targeting.

 

Do you see the "Install MacOS from [whatever]" option in Clover GUI? That's what you should be looking for upon restarting your computer, in order to successfully install the updates.

 

If you have hidden partitions, you should press F3 on Clover UI screen in order to show all the available options and choose the one that says "Install..." on it.

 

And, as Slice said, a preboot.log might help to see what's happening in your case.

[adam_leve]

Show please preboot.log just after the restart.

 

I can't find preboot.log in Clover/misc. Where can I find it ?

[adam_leve]

At a first glance, I would say the update is most likely not installed (that's why the build number stays the same).  And the problem is probably the partition targeting.

 

Do you see the "Install MacOS from [whatever]" option in Clover GUI? That's what you should be looking for upon restarting your computer, in order to successfully install the updates.

 

If you have hidden partitions, you should press F3 on Clover UI screen in order to show all the available options and choose the one that says "Install..." on it.

 

And, as Slice said, a preboot.log might help to see what's happening in your case.

 

Ran the update second time and I don't see any "Install MacOS from .." After restarting to complete the update, the bar doesn't complete for the update and it reboots. 

 

How do I get the preboot.log ?

[Slice]

I can't find preboot.log in Clover/misc. Where can I find it ?

Press F2 in Clover GUI before starting OS.

[adam_leve]

Press F2 in Clover GUI before starting OS.

 

Here you go - http://www8.zippyshare.com/v/Tn4mrCE3/file.html

[jqqqqq]

Wonder if Phoenix BIOS could use PS2 keyboard someday...

All the models of Lenovo are using Phoenix BIOS

 

Using UsbKbDXE enables usb keyboard, but require unplug and plug in again.

Using AptioInputFix, neither of PS2 keyboard or usb keyboard works.

 

I could help testing but I don't have the ability to create one...

[Slice]

Here you go - http://www8.zippyshare.com/v/Tn4mrCE3/file.html

Should I install some malware just to see what you speak?

You can attach the file directly to your post.

Wonder if Phoenix BIOS could use PS2 keyboard someday...

All the models of Lenovo are using Phoenix BIOS

 

Using UsbKbDXE enables usb keyboard, but require unplug and plug in again.

Using AptioInputFix, neither of PS2 keyboard or usb keyboard works.

 

I could help testing but I don't have the ability to create one...

Yes, UsbKbDxe requires unplug the cable. I have not found the better way to go.

[adam_leve]

Should I install some malware just to see what you speak?

You can attach the file directly to your post.

 

Here is without Malware-

preboot.log.zip

[Slice]

Here is without Malware-

OK.

The problem may arise from your clover is too old made before apfs patches.

0:100  0:000  Starting Clover revision: 4173 on American Megatrends EFI

[adam_leve]

 

OK.

The problem may arise from your clover is too old made before apfs patches.

0:100  0:000  Starting Clover revision: 4173 on American Megatrends EFI

 

I should update my clover, that's it ?

[mhaeuser]

Wonder if Phoenix BIOS could use PS2 keyboard someday...

All the models of Lenovo are using Phoenix BIOS

 

Using UsbKbDXE enables usb keyboard, but require unplug and plug in again.

Using AptioInputFix, neither of PS2 keyboard or usb keyboard works.

 

I could help testing but I don't have the ability to create one...

AptioInputFix uses AMI protocols and hence can only work on Aptio.

Replugging the USB kb should not be needed... Slice, are you sure WaitForOs is even triggered/the control flow is alright?

 

EDIT: Duh, actually it was an AMI bug we found out about when it was released, hence the CupertinoNet version does not have that code. You can remove it actually and there probably will not be a fix.

[arsradu]

I should update my clover, that's it ?

 

Yes, you should. I remember there was a minimum version (4250...or something, if I remember correctly) for the installations to work properly.

[adam_leve]

Yes, you should. I remember there was a minimum version (4250...or something, if I remember correctly) for the installations to work properly.

 

K, I tried updating Clover via preference panel and it stays the same. What can be wrong here ?

 

Install-Log

Clover EFI installer log - Sun Jan 14 05:52:39 IST 2018
Installer version: v2.4k r4369 EFI bootloader
======================================================
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *256.1 GB   disk0
   1:       Microsoft Basic Data Windows                 75.2 GB    disk0s1
   2:                 Apple_APFS Container disk1         179.7 GB   disk0s2
   3:       Microsoft Basic Data                         470.8 MB   disk0s3
   4:                        EFI EFI                     315.2 MB   disk0s4
   5:       Microsoft Basic Data                         367.0 MB   disk0s5

/dev/disk1 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +179.7 GB   disk1
                                 Physical Store disk0s2
   1:                APFS Volume MacOS                   41.0 GB    disk1s1
   2:                APFS Volume Preboot                 19.8 MB    disk1s2
   3:                APFS Volume Recovery                518.6 MB   disk1s3
   4:                APFS Volume VM                      2.1 GB     disk1s4

/dev/disk2 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk2
   1:       Microsoft Basic Data Data                    1.0 TB     disk2s1

/dev/disk3 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *4.0 GB     disk3
   1:                 DOS_FAT_32 NO NAME                 4.0 GB     disk3s1

Target volume /Volumes/MacOS on disk1 is APFS on physical store disk0s2
======================================================
Backing up EFI files

Backing up /Volumes/MacOS/EFIROOTDIR/EFI folder to /Volumes/MacOS/EFI-Backups/r4173/2018-01-14-05h52/EFI
======================================================
Installing BootSectors/BootLoader

Stage 0 - Don't write any of boot0af, boot0md, boot0ss to /
Stage 1 - Don't write any of boot1h2, boot1f32alt, boot1xalt to /

Removing drivers64UEFI/VBoxHfs-64.efi driver because HFSPlus driver present
======================================================
Installing RC Scripts

Installing RC scripts on target volume '/'


======================================================
=========== Clover EFI Installation Finish ===========
======================================================

Update:It has been resolved now, it was the old Clover causing the issue not to display option to boot "Install from Preboot"

 

But, I have one cosmetic issue, the boot entry "Install from Preboot" should be gone after update but it's not.

[michyprima]

Any ideas here? I'm able to decrypt these volumes in recovery and on a bootable USB install so there isn't a problem with the volumes.

did you ever find a fix for this? can't seem to get around that problem.

[Sazpaimon]

did you ever find a fix for this? can't seem to get around that problem.

 

Nope, I pretty much gave up on Filevault for the time being. Are you getting the same error on APFS?

[michyprima]

Nope, I pretty much gave up on Filevault for the time being. Are you getting the same error on APFS?

yeah, same error. I can't even use HFS+ because I have an ssd so the installer always reformats to APFS.

Tried everything, even specifying the correct partition using the rd= kernel parameter. Nothing :/

 

edit: I finally got that {censored} to boot using OsxAptioFix2Drv-free2000.efi and using the boot-uuid=PARTITION_UUID_HERE rd=*uuid args

[arsradu]

 

But, I have one cosmetic issue, the boot entry "Install from Preboot" should be gone after update but it's not.

 

I think....that one will always be displayed. Regardless of whether or not you have a pending installation.

 

BUT I could be wrong. So maybe someone else can confirm/deny this. Also, I think you might be able to hide that entry using the Custom Entries feature of Clover.