Posted on 12-31-2020 03:16 PM
We are setting up our first Macbook Pro with the new M1 chip. When we enable filevault, the user is prompted for their username and password on boot in just blank fields (one for username another for the password). The drive unlocks and then they get the login with with their badge icon and they have to log in again?
Any idea what is going on?
Posted on 12-31-2020 06:50 PM
not something I'm seeing on our M1. How are you enabling Filevault? Is the machine on 11.0.1 or 11.1?
Posted on 01-04-2021 07:45 AM
We are enabling it through the configuration profile.
Posted on 01-05-2021 06:39 AM
You're not alone.
The M1/Big Sur machines seem to require a double log in. Once at the FileVault unlock screen and again and our NoMad Login screen. We've changed nothing in JAMF and only the M1 machines are affected as far as I can tell.
Posted on 01-05-2021 06:46 PM
Seeing this as well on my M1 Mac Mini.
Posted on 01-05-2021 07:25 PM
we're enabling FV2 with policy and escrow via config profile. not seeing this on our MBP M1 (11.1)
Posted on 01-07-2021 10:51 AM
The only think that I have seen that sounds similar to this is when someone has their local (non-bound) user account password changed via script or a push rather than through the Users and Groups system pref, which causes FV2 to not be changed. This causes FV2 to prompt for the old password and then the normal logon prompt for the new password. Resetting the local user password in Users and Groups solves this.
I doubt this is the same issue since nobody mentioned changing a local password before seeing this - but it may be worth a shot to try to change the local password in Users and Groups (even to the same password) to see if that might re-synch the passwords (or users in some weird way) as a test to see if that has any effect. If it DOES work (which I doubt) it may point to something tinkering with the local user account/password and not doing the same to FV2.
Posted on 01-07-2021 10:56 AM
We see something similar but not a double login.
Mac is AD bound, mobile account, with FV on.
At boot we get a black screen with progress bar for about 10-15 seconds. The login/password box, once authenticated which I assume is FDE auth it boots to the desktop as FDE details are the same as the mobile account details.
What we don't see at auth that we see on intel Mac's is the user images and then just password box.
Posted on 01-08-2021 09:41 AM
Im seeing the same behavior also, M1 MacBook Pro 11.1 FV enabled. Double login.
Posted on 01-08-2021 10:29 AM
We've been seeing this issue as well. Usually it's after all configs from Jamf have completed. Haven't found a way around it, but no passwords are being changed before we see it. So far it's been reported on one 11.1 M1, but previously we saw it on 11.0 and 11.0.1. I'm generally seeing it after a restart, then I run software updates. After that I can reboot the machine several times and don't see it asking to verify the startup disk. Since we don't have zero touch yet, I'm able to catch it before deployment, but I'd still like to see this gone.
Posted on 01-21-2021 04:36 AM
We are seeing this as well on our M1 laptops and mac minis. Opened a case with Apple to ask if this is normal.
Posted on 01-21-2021 09:32 AM
I would just enable it with a policy.
Posted on 01-21-2021 10:12 AM
We have this same issue and have a ticket with Apple on it. We enable FV using a policy.
Posted on 01-22-2021 06:05 AM
Havent seen this so far on M1 MacBook Pro - FV enabled via config policy. Upon reboot, I get the FV enabled users (we have 2) and upon selecting the user just enter password, then we get our acceptable use policy agreement, then the desktop.
Posted on 01-27-2021 08:46 AM
Also seeing this on our m1 Macs. we enable FV with a policy.
Posted on 02-03-2021 07:21 PM
FYI - We updated NoMAD Login to version 1.5.0 RC1 and confirmed this resolved the issue for us.
Posted on 08-12-2021 03:29 AM
James, have you got a link to NoMAD 1.50 RC1 can't find it anywhere.
Posted on 02-09-2021 12:23 AM
we don't use NoMAD and still see this behaviour on our M1 devices (Big Sur 11.2)
Posted on 02-09-2021 03:26 AM
Are there any configs scoped to these macs that contain kernal extensions? This was my issue removed them, wipe and reinstalled OS sorted
Posted on 02-09-2021 04:05 AM
we filtered out the kernel extensions profile for our M1 devices, same result :(
Posted on 02-18-2021 12:34 AM
We use Jamf Connect and see this behaviour on M1 devices only.
Posted on 02-23-2021 01:48 PM
Seeing the same thing on my demo Macbook Pro M1. I was getting the list of users and the associated icons before enabling Filevault. Afterwards, I started getting the login prompt to enter a username and password. Our default configuration profile sets the login window to show all user accounts. The profile applied successfully to the Macbook M1. However, when I check User and Groups (Login Options) it is set to Name and Password and is greyed out (even after unlocking the preference pane). I removed the default profile and it allowed me change it manually to List of users. Once I applied the default config profile back, it changed it again. Only happening on the M1 Mac. All of the others successfully stay on List of Users for login options.
Posted on 02-25-2021 11:57 PM
anyone made progress?
Posted on 03-02-2021 08:56 AM
Isn't this behavior expected though? The machine is encrypted with FileVault. It requires authentication to boot up. Once authenticated to boot it can proceed to the login screen. This is how my checkout [Intel] Macbooks have always behaved.
Posted on 03-02-2021 09:01 AM
Having the same here on an Intel mac with FV enabled (OS 11.2.2). It makes it look like they have to log into the same window twice. Before it was pretty clear they were logging in for FV then again for the OS, now it just looks the same.
Posted on 03-08-2021 09:27 AM
I'm having the same issue on a couple M1 macs, 11.1 and 11.2.1.
Posted on 05-04-2021 12:08 PM
Started seeing this now on 11.2.3 with Jamf Connect 2.3.1 (havent updated to 2.3.2 yet). Also, system hangs at the progress bar and I have to hard shut down. Sometimes a second shut down is needed for the machine to log in.
Posted on 05-05-2021 03:09 AM
For FileVaulted Mac's the login/password boxes instead of user icons is expected as this is Apple's unified login.
The way M1's boot to Filevault authentication has significantly changed see Rich T's post:
Posted on 05-17-2021 01:10 PM
I was just about to give out our first M1 to a customer and saw this. Seems like this shouldn't happen if it's the same account logging in.
Posted on 05-18-2021 10:53 AM
Did some more testing... I first tried removing any config profiles that had Kernel Extensions, ran a machine fresh through the enrollment (DEP) process. Still had the issue. I then replaced my current version of NoMADLogin (v1.4) with the newer 1.5RC2, ran a machine through a fresh DEP enrollment, it was fixed! I was able to login once and it brought me straight to the desktop. I'm still very interested in what NoMadLogin 1.5 does differently on the M1 machines. Anybody have any insight? I tried looking at the config settings for NomadLogin (using authchanger -print) and I couldn't really see anything obvious.
Posted on 08-26-2021 10:14 AM
Maybe too late to comment this, this has to do with a function called FDEAutoLogin. NoMadLogin 1.4 does not respect that, meaning you will have double login. For this reason we changed to JAMF Connect which the OS will pass the login credentials along and the users on FV login screen will go to the desktop upon entering the password.
Posted on 11-02-2021 01:46 PM
Anyone make any progress on this yet?
Posted on 11-02-2021 01:50 PM
We run this and it sets the Filevault unlock to the logo.
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool NO ; diskutil apfs updatePreboot /
You can also check out the comments here: https://derflounder.wordpress.com/2021/01/17/filevault-login-screen-differences-between-intel-and-ap...
Posted on 11-02-2021 01:50 PM
The initial login screen is part of the /Preboot volume, if anything is wrong, it's there. I am not technical enough to figure out what is wrong.
Posted on 11-05-2021 06:34 AM
Anyone happen to have any updates or other workarounds for this issue? Odd that this has been the case for about a year now and there isn't a good workaround for it. The command above doesn't really seem to help in our environment. Wish the person that says they are using NoLoAD version 1.5 RC2 above would say where they got it from so we could test it, too. This is a major inconvenience now that Apple stopped selling the Intel chipsets and we're forced to purchase M1s.
11-05-2021 08:58 AM - edited 11-05-2021 09:03 AM
I share the same thought with you, however given the route that Apple has chosen to go, either you play their games or you ditch them and go Windows. My preference has been slowing moving to the latter in the past few years of the stringent requirements from Apple and make their devices less IT friendly.
I don't even know how many nights of sleep I spent trying to get testing and researches done for various Apple issues. My work doesn't pay me to do research and development, they just want things done. You know what I mean?
Posted on 11-05-2021 09:18 AM
I was able to obtain NoMADLogin 1.5 RC2 from the Macadmin's slack Nomadlogin group. I will warn you, version 1.5 is only suppose to work on ARM processors. For my environment I have it scripted when my Macs enroll, v.1.4 gets pushed to the Intel based machines and v.1.5 gets pushed to the ARM based machines (via Prestage Package Enrollment). The method does require some knowledge of scripting but is working fine for my process at the moment. This may not be a great solution for most users and keep in mind NoMADLogin is freeware so it only gets updated when the contributors find time.
Posted on 11-05-2021 11:33 AM
Dude, THANK YOU. I kinda assumed it might have been on Slack, but wasn't sure. I'll tinker with it and see if I can get it to work with mine. I might use a similar script to what I use for installing Rosetta on our M1s to check the processor first.