FileVault 2

496 posts in this topic

Wow. So you implemented the authenticated restart option for FileVault, hence it is not supported by all real Macs. Nice work.

Because I never hear it is not working on a real Mac.

Some tests and dumps show me the way.

What is "authenticated restart option"?

Link to comment

Clover 3905, OS X 10.11.6 - hibernation works on FV2 volume.

Hibernatemode 25.

```
0:100  0:000  Now is 5.11.2016,  3:49:0 (GMT)
0:100  0:000  Starting Clover revision: 3905 on American Megatrends EFI
0:100  0:000  SelfDevicePath=PciRoot(0x0)\Pci(0x1F,0x2)\Sata(0x4,0xFFFF,0x0)\HD(1,GPT,034095C8-5F4A-4281-85FC-A7A50EF5597F,0x28,0x64000) @DB849C98

1:011  0:003  === [ ScanLoader ] ========================================
1:011  0:000  - [02]: 'EFI'
1:011  0:000  - [04]: 'Recovery HD'
1:049  0:038          AddLoaderEntry for Volume Name=Recovery HD
1:059  0:010      Check if volume Is Hibernated:
1:059  0:000      UEFI with NVRAM: yes
1:059  0:000      Boot0082 points to Volume with UUID:508FC8D5-01AB-48BF-9DDD-7123973B92D9
1:059  0:000      boot-image before: PciRoot(0x0)\Pci(0x1F,0x2)\Sata(0x4,0x0,0x0)\5f5ed3000:FACFF350-751C-46A2-86A6-543391FAFD26
1:059  0:000  02 01 0C 00 D0 41 03 0A 00 00 00 00 01 01 06 00 | .....A..........
1:059  0:000  02 1F 03 12 0A 00 04 00 FF FF 00 00 04 04 62 00 | ..............b.
1:059  0:000  35 00 66 00 35 00 65 00 64 00 33 00 30 00 30 00 | 5.f.5.e.d.3.0.0.
1:059  0:000  30 00 3A 00 35 00 30 00 46 00 33 00 43 00 46 00 | 0.:.5.0.F.3.C.F.
1:059  0:000  46 00 41 00 2D 00 31 00 43 00 37 00 35 00 2D 00 | F.A.-.1.C.7.5.-.
1:059  0:000  41 00 32 00 34 00 36 00 2D 00 38 00 36 00 41 00 | A.2.4.6.-.8.6.A.
1:059  0:000  36 00 2D 00 35 00 34 00 33 00 33 00 39 00 31 00 | 6.-.
1:059  0:000  46 00 41 00 46 00 44 00 32 00 36 00 00 00 7F FF | F.A.F.D.2.6.....
1:059  0:000  04 00                                           | ..
1:059  0:000      boot-image after: PciRoot(0x0)\Pci(0x1F,0x2)\Sata(0x4,0xFFFF,0x0)\5f5ed3000:50F3CFFA-1C75-A246-86A6-543391FAFD26
1:062  0:002    =>set entry as hibernated
1:109  0:047          [!] Icon 17 (icons\vol_internal_hfs.icns) not found (path: EFI\CLOVER\themes\BGM)
1:111  0:002          AddLoaderEntry for Volume Name=Recovery HD
```






Link to comment
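Added example (not part of the original post and not Clover's code): the boot-image bytes dumped in the log above, decoded as a UEFI device path, plus the byte swap of the first three GUID fields that separates the logged "before" and "after" values. The function names are made up for this example, and only the node types that occur in this dump are decoded.

```python
import struct

# Hex bytes copied from the boot-image dump in the log above (ASCII column dropped).
DUMP = """
02 01 0C 00 D0 41 03 0A 00 00 00 00 01 01 06 00
02 1F 03 12 0A 00 04 00 FF FF 00 00 04 04 62 00
35 00 66 00 35 00 65 00 64 00 33 00 30 00 30 00
30 00 3A 00 35 00 30 00 46 00 33 00 43 00 46 00
46 00 41 00 2D 00 31 00 43 00 37 00 35 00 2D 00
41 00 32 00 34 00 36 00 2D 00 38 00 36 00 41 00
36 00 2D 00 35 00 34 00 33 00 33 00 39 00 31 00
46 00 41 00 46 00 44 00 32 00 36 00 00 00 7F FF
04 00
"""
RAW = bytes.fromhex("".join(DUMP.split()))

def decode_device_path(raw: bytes) -> str:
    """Walk UEFI device-path nodes: Type(1) SubType(1) Length(2, LE) + payload."""
    parts, off = [], 0
    while off + 4 <= len(raw):
        typ, sub, length = struct.unpack_from("<BBH", raw, off)
        if length < 4 or off + length > len(raw):
            raise ValueError(f"bad node length {length} at offset {off}")
        body = raw[off + 4: off + length]
        if (typ, sub) == (0x7F, 0xFF):            # end of entire device path
            return "\\".join(parts)
        if (typ, sub) == (0x02, 0x01):            # ACPI node: HID, UID
            hid, uid = struct.unpack_from("<II", body)
            name = "PciRoot" if hid == 0x0A0341D0 else "Acpi"  # PNP0A03
            parts.append(f"{name}(0x{uid:X})")
        elif (typ, sub) == (0x01, 0x01):          # PCI node: function, device
            func, dev = struct.unpack_from("<BB", body)
            parts.append(f"Pci(0x{dev:X},0x{func:X})")
        elif (typ, sub) == (0x03, 0x12):          # SATA node: port, multiplier, LUN
            parts.append("Sata(0x%X,0x%X,0x%X)" % struct.unpack_from("<HHH", body))
        elif (typ, sub) == (0x04, 0x04):          # file path: UTF-16LE, NUL-terminated
            parts.append(body.decode("utf-16-le").rstrip("\0"))
        else:
            parts.append(f"Node(0x{typ:02X},0x{sub:02X})")
        off += length
    raise ValueError("device path has no end node")

def swap_guid_fields(guid: str) -> str:
    """Byte-reverse the first three GUID fields, leaving the last two as they are."""
    f = guid.split("-")
    rev = lambda h: bytes.fromhex(h)[::-1].hex().upper()
    return "-".join([rev(f[0]), rev(f[1]), rev(f[2])] + f[3:])

if __name__ == "__main__":
    print(decode_device_path(RAW))
    print(swap_guid_fields("FACFF350-751C-46A2-86A6-543391FAFD26"))
```

The decoded string is identical to the log's "boot-image after" line, so the dump shows the value after the rewrite, not the one read from NVRAM.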


  • Troubleshooting:
    • Hibernation is a no go for those having no hardware nvram and no StrictHibernate in clover config

      No solutions for the time being and no solutions planned

I need some clarification here. As hardware NVRAM is broken in Skylake machines, does that mean that hibernation will be impossible with a Skylake configuration, even if one does not use FileVault?

Link to comment

You may not use StrictHibernate, which requires hardware NVRAM. In this case it will be the old legacy way to hibernate, and it was working in mode 29 previously. Not sure if it is still possible in Sierra.

What to do? Be a developer and invent your way.

As well, someone should make hardware NVRAM work on a Skylake system.

Link to comment

Using an ASUS Maximus Impact VII (AMI UEFI BIOS) here, firmware revision 3003. I've got one Apple USB keyboard connected to a DELL screen which acts as USB 3.0 hub. The system is set to boot using native UEFI with Clover 3922. macOS 10.12.1.


FileVault 2 itself is working flawlessly, but the login screen has issues.


With UsbKbDxe, login is possible with a password with mixed upper- and lower-case characters and special characters (German/QWERTZ keymap). Issues are that 1) the keyboard must be plugged in during login and 2) the system freezes during startup very often (as described by vit9696 in the first post).


With vit9696's AptioInputFix driver, the keyboard kind of works (repeated keys are lost, cmd+a etc don't work), but every password I enter is considered to be incorrect. I've tried changing the password to an all lower-case one without potentially remapped characters (such as z and y). No luck with the simple password. Logging in using the recovery key works with AptioInputFix - odd!


@vit9696, would you consider publishing your driver's source code (on GitHub, for proper attribution), or do you at least have a hint on why no password is accepted? I would like to investigate the issue further.


Link to comment

Hi xver,


Regarding cmd+a, it should work, except the key mapping is set to my preference, i.e. left to right: ctrl, alt, cmd.


Regarding sources… they are in the process of being published. Ask Download-Fritz about the time he completes the review and refactoring process. He is quite busy these days as far as I know, and he also is very peculiar with code style and edk2 structure I am not familiar with xd. If you need them for your investigation I could send them in private of course.


Regarding missed keys. Your asus motherboard appears to have Aptio 4. I did hear of similar issues, and they were caused by two different issues:

1. USB initialisation preference in BIOS must be set to at least partial initialisation, otherwise there are random key misses until a replug.

2. Mouse hooking. It is enabled at least for Haswell and is not for Ivy and lower as well as for Broadwell/Skylake and newer.

I am not sure whether Z97 needs it, the fix was originally necessary only for motherboards with broken SimpleInput protocol implementation, i.e. Z87.

It is very easy to check by removing AptioInputFix and checking whether the mouse works fine in boot.efi.

Another option is to try the attached driver that has it off, this way you could also confirm that your issue is caused by mouse hooking.

Link to comment

Hello vit9696,


USB initialization is set to partial; this is the firmware's default.


The mouse works smoothly in the Clover boot entry selection screen, with and without your driver loaded.


On the FileVault login screen, the mouse stutters, but the effect is also the same with and without your driver. The mouse is attached via a Logitech Wireless Receiver, also connected via USB 3.


The confusion regarding Cmd+A and similar shortcuts seems to come from my keyboard layout: On the Apple USB keyboard, the functionality is available under Alt+A. With UsbKbDxe, the mapping is correct (Cmd+A).


Unfortunately I don't see a driver attached to your post! But I guess that, considering the mouse behaves the same with and without your driver, mouse hooking is unlikely to be at fault.


On to the main issue: Login via password works now! :) The issue was a combination of multiple factors:


1. During first login, my password was not accepted due to missing/skipped keys

2. I then logged in using the recovery key and set a new password

3. The new password was never synced to FileVault (Apple bug?)

4. Further login attempts with the new, simple password always failed, thus my forum post / bug report


The solution was to 1) change my password and run `sudo fdesetup sync`, and 2) release the shift key at a certain position while typing to prevent the skipped keys from getting me.


Regarding my request for source code: Login works, with workarounds (missed keys). The mouse lags and Cmd+A is not mapped correctly for my keyboard layout... but that's stuff I can live with. Thus, since this is no longer a pressing issue, I'll be waiting for the official release. Thank you for your response and the kind offer to send in private though!

Link to comment

I've compared the original to the NoPointer variant from your previous post and found no difference, unfortunately. The symptoms are, in detail:


* Keys are missed if they follow each other or are repeated very quickly

* The mouse lags/skips (regardless of your driver being used)

* Cmd/Alt are swapped (Apple USB keyboard)

* When entering capital letters, the last letter only appears after releasing the shift key, not after releasing the letter key

Link to comment

  • 3 weeks later...

It gives me something negative with Ami Shim at the top left when Clover starts, but I also have an Insyde H2O UEFI. If I understand this correctly, Aptio only works with AMI UEFI?


Edit: Just tested it, it says Ami Shim installation failed 14.


Yes, AmiShim is to be used with AMI, hence the name.  :rolleyes:

For InsydeH2O, it's not widespread enough for most people to care about it... though I think somebody wanted to mod a PS/2 keyboard driver for Apple usage at some point.

Link to comment

  • 2 weeks later...

I upgraded to 10.12.2 without any issue. The only quirk I have is that the resolution of the FileVault login is lower than the default. Is there a way to change this? The Clover screen shows the correct resolution of 2560x1440, which I have set in the config file.

Link to comment

I got the keyboard working with your patches, thank you! I used the "original AppleKeyMapAggregator from Apple firmware" and "AptioInputFix".


After I type in the password and it takes me to the next boot screen, I get an error:

"CoreStorageFamily: fsck_cs has finished group "UUID here" with status 0x00

CoreStorageFamily::unlockVeks(UUID::here) VEK unwrap failed. this is normal, except for the root volume"


Any ideas or suggestions?

Link to comment
