Comments (19)
In case this helps anyone, my fork of Unlock supports APFS. Keep in mind that I haven't tested it yet as well as I would like and that you need to install Python 3.
from unlock.
I don't mean to hijack the thread, but for APFS I created a pure bash-based solution to unlock encrypted volumes at startup, see https://github.com/openwall-com-au/BootUnlock (the project can create a package even without any development tools installed, or you can use the released package over there) :)
from unlock.
Hi,
I've made some modifications to the code that should allow this to work with APFS. It works when I run from terminal EXCEPT I'm asked to re-authorize halfway through execution and it doesn't work at all during startup (password is not found). I think it's an Apple issue in the SecItem calls as discussed here ...
https://forums.developer.apple.com/thread/88888
https://forums.developer.apple.com/thread/87095
So, it seems to be blocked until Apple fix this. I'm on 10.13.2 Beta (17C60c) btw, and can't validate against other versions.
Simon
from unlock.
Absolutely great job @jridgewell for CS and @galaxy4public for APFS. Just moved my home folder to an SD Card and was struggling with this lack of MacOS feature. Just thank you!
from unlock.
It's been a few years since I upgraded my mac, and don't use this anymore. I don't know what's required to support AFPS.
I'd be happy to accept a PR.
from unlock.
from unlock.
from unlock.
I upgraded to a new macbook without a cd drive, so I don't have a second hard drive anymore. Are you using AFPS?
from unlock.
from unlock.
Do you mean the install script? Or is it the unlock commands?
from unlock.
from unlock.
That's probably because of my horrible bash scripting. Can you give the output of
diskutil cs info `mount | grep " / " | cut -d " " -f 1`
from unlock.
from unlock.
This is just one of the commands the installer runs, I'm trying to figure out what changed in the text we try to parse.
from unlock.
from unlock.
Apfs has changed a lot.
diskutil cs info `mount | grep " / " | cut -d " " -f 1`
/dev/disk1s1 is not a CoreStorage disk
diskutil apfs
Usage: diskutil [quiet] ap[fs] <verb> <options>
where <verb> is as follows:
list (Show status of all current APFS Containers)
convert (Nondestructively convert from HFS to APFS)
create (Create a new APFS Container with one APFS Volume)
createContainer (Create a new empty APFS Container)
deleteContainer (Delete an APFS Container and reformat disks to HFS)
resizeContainer (Resize an APFS Container and its disk space usage)
addVolume (Export a new APFS Volume from an APFS Container)
deleteVolume (Remove an APFS Volume from its APFS Container)
eraseVolume (Erase contents of, but keep, an APFS Volume)
changeVolumeRole (Change the Role metadata bits of an APFS Volume)
unlockVolume (Unlock an encrypted APFS Volume which is locked)
lockVolume (Lock an encrypted APFS Volume (diskutil unmount))
listCryptoUsers (List cryptographic users of encrypted APFS Volume)
changePassphrase (Change the passphrase of a cryptographic user)
setPassphraseHint (Set or clear passphrase hint of a cryptographic user)
encryptVolume (Start async encryption of an unencrypted APFS Volume)
decryptVolume (Start async decryption of an encrypted APFS Volume)
updatePreboot (Update the APFS Volume's related APFS Preboot Volume)
diskutil apfs <verb> with no options will provide help on that verb
diskutil apfs list
APFS Container (1 found)
|
+-- Container disk1 DCD081F1-B6B7-4EE8-B750-F69252F2F822
====================================================
APFS Container Reference: disk1
Capacity Ceiling (Size): 999590961152 B (999.6 GB)
Capacity In Use By Volumes: 431271096320 B (431.3 GB) (43.1% used)
Capacity Available: 568319864832 B (568.3 GB) (56.9% free)
|
+-< Physical Store disk0s2 9CE096C6-D65F-4FBC-8FEE-9E987D76284E
| -----------------------------------------------------------
| APFS Physical Store Disk: disk0s2
| Size: 999590961152 B (999.6 GB)
|
+-> Volume disk1s1 8D4E430C-8810-37E7-9625-94DC5F634411
| ---------------------------------------------------
| APFS Volume Disk (Role): disk1s1 (No specific role)
| Name: Macintosh HD (Case-insensitive)
| Mount Point: /
| Capacity Consumed: 428373557248 B (428.4 GB)
| Encrypted: Yes (Unlocked)
|
+-> Volume disk1s2 9FC6CF2D-ACD7-4362-A8E6-76208117CA83
| ---------------------------------------------------
| APFS Volume Disk (Role): disk1s2 (Preboot)
| Name: Preboot (Case-insensitive)
| Mount Point: Not Mounted
| Capacity Consumed: 22331392 B (22.3 MB)
| Encrypted: No
|
+-> Volume disk1s3 F8C3B80B-59E3-48B1-8197-C6E7C106E252
| ---------------------------------------------------
| APFS Volume Disk (Role): disk1s3 (Recovery)
| Name: Recovery (Case-insensitive)
| Mount Point: Not Mounted
| Capacity Consumed: 519995392 B (520.0 MB)
| Encrypted: No
|
+-> Volume disk1s4 B24BC1A6-BE7D-447C-859D-50690FFA60B4
---------------------------------------------------
APFS Volume Disk (Role): disk1s4 (VM)
Name: VM (Case-insensitive)
Mount Point: /private/var/vm
Capacity Consumed: 2147504128 B (2.1 GB)
Encrypted: No
from unlock.
@Taffjones That sounds very good. :-) Can you publish your changes?
from unlock.
Ok, but the install script isn’t updated yet (I modified the keychain entry manually) and the Apple bug is a blocker... I’ll have some time to work a bit more on Monday.
Simon
tldr;
For the record, the unlock command is the same for both file systems except one has apfs and the other has cs in the middle. My logic is to store the fs type in the comment field of the keychain entry so the couple of lines of code I’ve added to the executable can plug it into the right part of the command.
from unlock.
Looks like I don't have push access (probably a good thing to be honest)!
I've attached the files I've changed in this zip - @jridgewell maybe you can incorporate them for me.
NOTE - This still needs the Apple keychain bug fix before it'll work
from unlock.
Related Issues (20)
- 2nd Drive is being unlooked without knowing password HOT 2
- security problem: copy system keychain HOT 2
- about "I'm user A. What if user B logs in? Will my home drive be mounted?" HOT 1
- Curl link broken and plist not downloading HOT 1
- compatibility with 10.8.5 Mountain Lion and 10.9.4/10.9.5 Mavericks? HOT 1
- request: please add support for encrypted sparsebundles HOT 2
- Proper location for the binary HOT 3
- Split install script up HOT 1
- Wrong -T path HOT 1
- Specifying Mount Point HOT 1
- macOS Sierra support?
- bash: line 1: 400:: command not found
- APFS encrypted volumes support HOT 1
- Works up to Catalina 10.15.3 HOT 1
- Unlock stopped working after cs conversion HOT 1
- My Harddrive is locked!!! HOT 1
- My external disk is opened read-only HOT 1
- Mountain Lion (10.8) Support? HOT 5
- Tried to install on Mountain Lion HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unlock.