I got back a Mac from a client that had enabled FileVault. All I want to do is re-format the drive and be on my way.
I don't ned to save any data. I don't have the unlock key and the system won't boot normally in order to turn off or decrypt the machine.
In Disk Utility I don't have the option of re-partitionaing the drive. In order to just format the main partition I'm prompted to unlock the disk.
Is there any way to just reformat the disk along with any encryption information?
Page 1 / 2
Erase tab in Disk Utility.
Erase tab for the main disk is grayed out.
Are you selecting the drive or the device? If you select the drive, you should be able to hit the Erase tab and flatten it. It removes all CoreStorage volumes.
Here's an excerpt from my deployment document covering this:
b) If the machine is encrypted with FileVault:
i. Cancel any prompts to unlock the internal drive
ii. Open Disk Utility from the Dock
iii. Select the internal drive in the left-hand column
iv. Click the Erase tab
v. From the Format pull down select Mac OS Extended (Journaled).
vi. For Name enter Macintosh HD
vii. Click Erase... and confirm by clicking Erase again
You should also be able to remove the encrypted volume using the following command:
diskutil corestorage delete /Volumes/insert_disk_nameThat should delete the encrypted volume and contents.
Here is my script
#!/bin/sh
UUID=diskutil cs info disk0s2|grep LVG |awk '{ print $4; }'
echo "$UUID"
diskutil cs delete $UUID
diskutil partitionDisk disk0 GPT HFS+ Macintosh HD 100%
I use the following command:
diskutil eraseDisk HFS+ "Macintosh HD" disk0Of course you have to reboot from a different physical medium, otherwise it cannot be completely erased. The standard recovery partition won't do, you will have to use Internet Recovery or Target Disk Mode.
I have NetBoot the Mac with FV2 enabled, but Disk Utility still doesn't give the option to erase or partition??
I've gone to a "nuke & page" script because 10.8's Disk Utility apparently changed something in the GUI such that nuking encrypted disks is difficult.
#!/bin/sh
# Author: Jared F. Nichols
# Purpose: Nuke and pave the first internal drive to prepare for imaging.
clear
echo "Do you wish to nuke the internal drive?"
echo "THERE IS NO RECOVERY FROM THIS!"
printf "Y/N? "
read response
case $response in
Y|y|YES|yes|Yes|yEs|yeS|YEs|yES)
echo
echo
sudo diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
echo
echo "Formatting complete."
echo "Continue with Casper Imaging."
echo
echo
exit 0 # Normal Exit
;;
N|n|NO|no|No|nO)
echo
echo
echo "Quitting"
echo
echo
exit 1 # User quit
;;
esacI save it as a .command file and toss it on the Dock so techs can launch it easy. It prompts for admin credentials, which they have.
We have a similar script in our imaging workflow as Jared's. The partitionDisk command will work no matter what type of encryption is in place. It blows the whole shebang away and flattens it to a single empty partition, ready for partitioning with Recovery HD and the main volume and imaging.
Yeah i am using lock down NetBoot with NetInstall LaunchPad, Finder is locked out and Terminal is disabled. So all I have is Disk Utility. Oh BTW Casper Imaging won't even start if the disk is encrypted!
But Target Mode and disk utility works fine!!?
I have added the Terminal into my NetBoot (Diskless) image and ran all the recommended methods as above but I am getting
Error: -69888: Couldn't unmount diskany ideas?
oh btw netboot is 10.8.2
To use the GUI/disk utility, you have to unlock the drive first. Typing the code is super annoying.
Never mind. I already answered above.
@CasperSally
My Finder is disabled on NetBoot due to security reasons. I guess I will need the Finder huh?
@ fritz.schlapbach
Command returns with the error as in my previous post
i think you can partition the drive to 1 partition again from the gui without unlocking.
yep tried partitioning too....
I just enabled the Full Finder but as soon as I unlock the drive it locks it back!
Something weird going on
BTW I even formatted the drive using Target Mode. But still the same. I think I will use different OS to erase it and see how it goes.
Ok netbooted to my 10.6.8 image and managed to format it at first try. What is the catch if I build ML Mac but using the SL NetBoot? Would the image behave badly as it has been formatted with the previous version of diskutil?
I know the new Macs wouldn't boot from the SL. But we will only need to do this for re-imaging as I think the FV2 is the one causing this issue.
I netboot to 10.8.2 image created on 2012 macbook air and wipe FV2 keys ok via disk utility (after unlocking drive), for whatever that's worth.
@Cem are you sure you can unmount the disk from NetBoot at all? It sounds like you are having the same problem many have had with 10.8 NetBoot images as documented here:
https://jamfnation.jamfsoftware.com/discussion.html?id=5416#respond
I would try unmounting a drive while booted to your 10.8 NBI and see if you can. If you can't, then you are probably suffering from that issue.
Thanks stevewood that was it! All working now. rc.netboot file was blank!
@CasperSally - It's my experience that when booted to another resource with 10.8 - 10.8.2, you could use Disk Utility to erase the disk with ease. With 10.8.3, I am in agreement that you have to unlock the drive first, then reformat as non-encypted. For consistency and speed, I've added Jared's script to the desktop of our 10.8.3 netboot image.
@Jared, thanks for the script. I really like the name and can't explain why I smile every time look at it. I added a few features to the script that might be helpful to our techs.
#!/bin/sh
# Author: Jared F. Nichols
# Purpose: Nuke and pave the first internal drive to prepare for imaging.
# Reference: https://jamfnation.jamfsoftware.com/discussion.html?id=5763
# Modified by Jason Halvorson
# - added displaying of drives and volumes (2013/04/24)
# - added second verification process prior to format drive (2013/04/24)
# - folded to the peer request to not use 'nuke and pave' in the dialog :( (2013/04/24)
clear
echo "Show all drives:"
echo
diskutil list
echo "-----"
echo
echo "This script will reformat /dev/disk0 listed above."
echo "Be aware the list includes external and extra internal drives."
echo
sleep 2
echo
echo "If you are not certain which drive will be reformatted,"
echo "enter 'n' at the next prompt."
echo
echo "Do you wish to remove all partions and reformat the /dev/disk0 drive?"
echo "Type 'y' to continue with formatting or type 'n' to quit this tool."
printf "(y/n) "
read response
case $response in
Y|y|YES|yes|Yes|yEs|yeS|YEs|yES)
echo
echo
echo
echo "All data will be erased from /dev/disk0 with zero chance of recovery."
echo "Are you really sure you want to format it?"
echo "Type 'sure' to continue with formatting or type 'exit' to quit this tool. "
printf "(sure/exit) "
read response2
case $response2 in
sure|Sure|SURE)
echo
echo
sudo diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
echo
echo "The drive... "
echo " has been named 'Macintosh HD'"
echo " is formated as Mac OS X Extended (Journaled)"
echo " removed the recovery partition. Now a single partition."
echo
echo "Continue with Casper Imaging."
echo
echo
exit 0 # Normal Exit
;;
exit|EXIT|Exit|N|n|NO|no|No|nO)
echo
echo
echo "No changes have been made to any drive(s). "
echo
echo
exit 1 # User quit
;;
esac
echo
exit 0 # Normal Exit
;;
N|n|NO|no|No|nO)
echo
echo
echo "No changes have been made to any drive(s)."
echo
echo
exit 1 # User quit
;;
esac@jhalvorson are you still using this process? can this be automated or your techs run this manually?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.