macOS Catalina Recovery Mode Blocker

cainehorr
Contributor III

Question for those running macOS Catalina

I recently noticed that devices deployed with FV2 FDE require either a known user’s password or the FV2 Recovery Key when booting into the Recovery Partition.

Has anyone here dealt with this scenario:

  • Don’t know the user’s password
  • Don’t have a known/working FV2 Recovery Key

Here's the flow...
1. Command+R+Power = Boot into Recovery Mode
2. Answer Challenge Question: User Password or FV2 Recovery Key
3. Wipe Disk/Reinstall macOS, etc.

How does one get past this roadblock?

Thanks!

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

2 ACCEPTED SOLUTIONS

alexjdale
Valued Contributor III

You can go to the Recovery Assistant menu (when it's prompting for your PW or FV key) and choose to wipe the disk with "Erase Mac..." It tells you this will fully erase all volumes on the disk and reinstall macOS.

cainehorr
Contributor III

Repurposing a Mac running macOS Catalina (10.15.x)

Thanks to @tonybilzi of MacAdmins and @alexjdale of JamfNation for pointing me in the right direction(s)… 👈👇👆👉

Took a couple-few tries but we now have a run book for wiping devices running macOS Catalina…
1. Command+R+Power = Boot Into Recovery Mode
2. Challenge Prompt Page: Navigate to the Recovery Assistant menu and click on Erase Mac
3. Reboot
4. Receive Folder icon with Flashing ?
5. Power Off
6. Command+Option+R+Power = Boot Into Internet Recovery Mode with latest macOS that is compatible with your Mac
7. Open Disk Utility
8. Wipe HD
9. Quit Disk Utility
10. Install macOS (Catalina)
11. Have a beer

NOTE: Based on this flow, it looks like you might be able to just go straight to Internet Recovery Mode, however I have yet to test this method out. YMMV. ¯_(ツ)_/¯

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

13 REPLIES

cainehorr
Contributor III

@rtrouton - Mr. FV FDE Master...

Do you have any thoughts on this?

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

andrew_nicholas
Valued Contributor

The boot environment has a wipe drive ability. If you choose the Recovery Assistant menu icon, there is an option for Erase Mac.

gachowski
Valued Contributor II

Caine,

It was before the holidays, so my memory may not be 100% :) ... I think I was in recovery mode for the password that wasn't working and I didn't have the FV key, and it gave me the option to erase the drive and "lose all data".

C

cainehorr
Contributor III

@andrew.nicholas - Sounds like you're assuming I'm already in Recovery Mode.

The issue I am experiencing is BEFORE Recovery Mode is presented.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

cainehorr
Contributor III

@gachowski - BEFORE Recovery Mode is presented...

  1. Power on...
  2. Command+R to invoke Recovery Mode
  3. Receive challenge question - PWD or FV2 Key
  4. Recovery Mode

The problem is, without Step 3, you can't get to Step 4.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

cainehorr
Contributor III

@alexjdale - I did not see such a menu. I will double check.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

alexjdale
Valued Contributor III

Not sure what to tell you. When I boot into recovery mode on Catalina, it's in the upper left corner.

cainehorr
Contributor III

According to my Security & Privacy pane, I have 6 minutes until FV2 FDE has completed encrypting the drive on this MBA. I'll boot into Recovery Mode after and confirm.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

cainehorr
Contributor III

@alexjdale

You, sir, are correct! Thank you!

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

hunter990
Contributor

Have you looked at using the macOSUpgrade script? It saves a lot of those steps. Configure as described and change the parameter to erase and install instead of upgrade. Then it's simply having a policy that you can deploy in Self Service, scoped to either a specific user group or enabled for a system as needed. After that it's literally click and go.

We do that for refreshing with the same, or newer, OS. Have set this up at a previous gig to allow the user, or desktop tech, to wipe the system, set up using ADE, and recover data from backup. For that we simply used Code42. The erase part doesn't require ADE, and since it's using the command Apple put in the installer to begin with, you don't need to jump through hoops at the recovery partition.

https://github.com/kc9wwh/macOSUpgrade
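
An added example, not part of the post above and not code from the macOSUpgrade project: a minimal shell sketch of an erase-and-install preflight, assuming the installer command referred to is Apple's `startosinstall` with its `--eraseinstall` option. The function names `preflight` and `erase_install` and the `DRY_RUN` variable are hypothetical; the filesystem type is passed in so the logic can be exercised without touching a disk.

```shell
#!/bin/sh
# Added example (hypothetical helper names): erase-and-install preflight.
# On macOS the boot volume's filesystem type can be read with:
#   diskutil info / | awk -F': *' '/Type \(Bundle\)/ {print $2}'

# preflight INSTALLER_APP FS_TYPE
# Returns 0 if an erase-install can proceed, 2 or 3 with a reason otherwise.
preflight() {
    tool="$1/Contents/Resources/startosinstall"
    # The installer bundle must contain Apple's command-line tool.
    if [ ! -x "$tool" ]; then
        echo "error: startosinstall not found in $1" >&2
        return 2
    fi
    # --eraseinstall is only supported when the boot volume is APFS.
    if [ "$2" != "apfs" ]; then
        echo "error: boot volume is '$2'; --eraseinstall needs apfs" >&2
        return 3
    fi
    return 0
}

# erase_install INSTALLER_APP FS_TYPE [VOLUME_NAME]
# DRY_RUN defaults to 1: print the command instead of wiping the machine.
erase_install() {
    volume_name=${3:-Macintosh HD}
    preflight "$1" "$2" || return $?
    tool="$1/Contents/Resources/startosinstall"
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "DRY RUN: $tool --eraseinstall --agreetolicense --newvolumename $volume_name"
        return 0
    fi
    # The real run is destructive and must be started as root.
    if [ "$(id -u)" -ne 0 ]; then
        echo "error: must run as root" >&2
        return 4
    fi
    "$tool" --eraseinstall --agreetolicense --newvolumename "$volume_name"
}
```

Run with `DRY_RUN=0` only from a management policy that already runs as root; the default prints the command so the scoping can be checked first.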

fredrik_virding
Contributor

Hi all!

I ended up with a similar result as you, @cainehorr.

I located this:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/set_recovery_or_diagnostics_boot_mode

And tested it out. The diagnostics part seems to work; doing some testing for the recovery part as well.