Help

Imaging Mac that has FV2

Quan_nong
Contributor

Posted on ‎06-11-2015 06:02 AM

Hi Everyone

Does anyone have any idea's or solution if I want to re-image a mac thats already encryted with FileVault2?

Example

Our Mac laptops are encrypted with FV2, but when one is returned to the IT department and we want to re-image from scratch we can netbook and install the Base OSX, but when the image in installed and we reboot the mac all we get is the "flashing folder with the ?"

Is this because the HDD is still encrypted? if so, does anyone have work around or fix

Labels:
0 Kudos
3 REPLIES 3

mm2270
Legendary Contributor III

Posted on ‎06-11-2015 06:33 AM

Are you repartitioning and reformatting the internal drive before putting down the new image? You need to do that. You can't just re-image an encrypted drive and still retain the encryption without the drive being wiped, or at least decrypting it beforehand. That's probably what's going on.

We're not using Casper Imaging here, but I believe those who do already have a workflow for this. We use DeployStudio and we just have some pre-image scripts in our DS workflow that does a repartition on the internal hard drive of the Mac.

0 Kudos

jarednichols
Honored Contributor

Posted on ‎06-12-2015 05:39 AM

If you're booted from something else, a "nuke and pave" script will do the job:

#!/bin/sh

# Author: Jared F. Nichols
# Purpose: Nuke and pave the first internal drive to prepare for imaging.

clear
echo "Do you wish to nuke the internal drive?"
echo "THERE IS NO RECOVERY FROM THIS!"
printf "Y/N? "
read response

case $response in
    Y|y|YES|yes|Yes|yEs|yeS|YEs|yES)
        echo
        echo
        sudo diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
        echo
        echo "Formatting complete."
        echo "Continue with Casper Imaging."
        echo
        echo
        exit 0 # Normal Exit
        ;;
    N|n|NO|no|No|nO)
        echo
        echo
        echo "Quitting"
        echo
        echo
        exit 1 # User quit
        ;;
esac

Warning This script is a bit old and while I believe it'll setup your disk to re-encrypt, please test test test.

0 Kudos

bmarks
Contributor II

Posted on ‎06-12-2015 12:02 PM

We created a little AppleScript app that works great for us. Basically, a small window pops up asking if you want to erase the drive and then it auto-opens Casper Imaging afterwards. The bash script by itself is the same as the previous post. If you use a NetBoot workflow, you can add this to your NetBoot image too. This could obviously be customized for your own needs:

set question to display alert "Would you like to erase the drive before continuing to Casper Imaging?

(NOTE: This will also erase Checkpoint partitions)" buttons {"Erase", "No"} default button 1
set answer to button returned of question

if answer is equal to "Erase" then
    set question to display dialog "Are you sure you want to erase ALL volumes and data from the drive?" buttons {"Yes", "No"} default button 1
    set answer to button returned of question
    if answer is equal to "Yes" then
        do shell script "diskutil eraseDisk "Journaled HFS+" "Macintosh HD" /dev/disk0"
        display dialog "Disk erased. Starting Casper Imaging…" giving up after 2
        tell application "Casper Imaging" to activate
    end if
else
    display alert "Drive was untouched. 

Casper Imaging will now open." giving up after 2
    tell application "Casper Imaging" to activate
end if
0 Kudos