Posted on 06-17-2015 01:23 PM
Hello!
We're in a bit of a pickle here! We encrypted a user's drive with FileVault 2 and an institutional key several years ago. I believe the user was originally running 10.7 or 10.8 when we gave him the machine; at some point he upgraded to Yosemite. We'd now like to migrate the user's data to a new machine.
Our normal practice is to have an account on all of our machines that would be able to decrypt the drive; but this particular machine doesn't have it. Failing that, I booted the machine to the Recovery Partition, stuck in a USB drive with the Filevault.master keychain, opened up a terminal, and attempted to decrypt the drive. Unfortunately, when I try to unlock it, I keep seeing:
Error: -69749: Unable to unlock the Core Storage volume
Did the upgrade to Yosemite break something vis a vis the Recovery Partition? In the meantime I've asked the user to contact us with the password, but I'm wondering if anyone else has seen this.
Posted on 06-17-2015 02:04 PM
I'm not sure specifically why you'd be seeing that error, but you may want to poke around on Rich Trouton's (@rtrouton) blog to see if he has anything posted about this. https://derflounder.wordpress.com/category/filevault-2/
He's pretty much an authority on FileVault 2 related topics.
Posted on 06-17-2015 02:12 PM
Are you just trying to wipe the machine or recover data from the encrypted drive?
Here is some info on simply erasing the volume.
https://derflounder.wordpress.com/2013/06/29/erasing-a-filevault-2-encrypted-volume/
Yosemite creates that CoreStorage volume, so yes, that's why it's there. Boo. You can convert it back to HFS if 1) it's not encrypted or 2) you have the key to decrypt it. ;)
Posted on 06-18-2015 06:06 AM
I've seen that error when using a keychain that has only the institutional recovery key's public key inside. When using a keychain to unlock a FileVault 2-encrypted drive, the keychain needs to have both the institutional recovery key's public and private keys inside.
I have a post on institutional keys and how they work available from here:
https://derflounder.wordpress.com/2014/08/13/filevault-2-institutional-recovery-keys-creation-deploy... (see the Using FileVaultMaster.keychain to recover your data section.)
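An added example, not part of the original post or of the linked blog article: a shell check for the condition described in the reply above, a recovery keychain that holds only the public half of the institutional key. It counts the record classes in `security dump-keychain` output; the sample listings are constructed and trimmed, and the function names are hypothetical.

```shell
#!/bin/sh
# Keychain record classes as they appear in `security dump-keychain` output:
#   0x0000000F public key, 0x00000010 private key, 0x80001000 X.509 certificate

# classify_recovery_keychain (hypothetical helper): reads a dump-keychain
# listing on stdin and prints one of
#   usable       a private key record is present
#   public-only  only public key / certificate records are present
#   empty        no key or certificate records at all
classify_recovery_keychain() {
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*class: 0x00000010/ { priv++ }
        line ~ /^[ \t]*class: 0x0000000f/ { pub++ }
        line ~ /^[ \t]*class: 0x80001000/ { cert++ }
        END {
            if (priv > 0)            print "usable"
            else if (pub + cert > 0) print "public-only"
            else                     print "empty"
        }'
}

# check_keychain_file (hypothetical helper): same check on a real keychain
# file. macOS only; record attributes are listed without unlocking the keychain.
check_keychain_file() {
    security dump-keychain "$1" 2>/dev/null | classify_recovery_keychain
}

# Constructed, trimmed listing of a keychain with the private key removed.
SAMPLE_PUBLIC_ONLY='keychain: "/Volumes/USB/FileVaultMaster.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="FileVault Recovery Key"
keychain: "/Volumes/USB/FileVaultMaster.keychain"
class: 0x0000000F
attributes:
    0x00000001 <blob>="FileVault Master Password Key"'

# Constructed listing of the same keychain with the private key still inside.
SAMPLE_WITH_PRIVATE="$SAMPLE_PUBLIC_ONLY
keychain: \"/Volumes/USB/FileVaultMaster.keychain\"
class: 0x00000010
attributes:
    0x00000001 <blob>=\"FileVault Master Password Key\""
```

On a Mac, `check_keychain_file` with the path to the keychain on the USB drive prints `public-only` when the keychain cannot unlock a volume for the reason given above.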
Posted on 04-18-2018 05:49 AM
I've got a similar issue with a few machines. Did you ever get a resolution, @GeorgeCasper?
@rtrouton - I've verified that the Private Key is inside my keychain, and I'm able to unlock other machines with the same command (just different core storage volume ids) fine.
Posted on 07-24-2018 07:41 AM
We ended up having the user work with us to manually move their data off the machine, and then just wiped it.