Jamf Nation Community

Erase tab for the main disk is grayed out.

Are you selecting the drive or the device? If you select the drive, you should be able to hit the Erase tab and flatten it. It removes all CoreStorage volumes.

Here's an excerpt from my deployment document covering this:
b) If the machine is encrypted with FileVault:
i. Cancel any prompts to unlock the internal drive
ii. Open Disk Utility from the Dock
iii. Select the internal drive in the left-hand column
iv. Click the Erase tab
v. From the Format pull down select Mac OS Extended (Journaled).
vi. For Name enter Macintosh HD
vii. Click Erase... and confirm by clicking Erase again

You should also be able to remove the encrypted volume using the following command:

diskutil corestorage delete /Volumes/insert_disk_name

That should delete the encrypted volume and contents.

Here is my script

#!/bin/sh

UUID=diskutil cs info disk0s2|grep LVG |awk '{ print $4; }'

echo "$UUID"

diskutil cs delete $UUID

diskutil partitionDisk disk0 GPT HFS+ Macintosh HD 100%

I use the following command:

diskutil eraseDisk HFS+ "Macintosh HD" disk0

Of course you have to reboot from a different physical medium, otherwise it cannot be completely erased. The standard recovery partition won't do, you will have to use Internet Recovery or Target Disk Mode.

I have NetBoot the Mac with FV2 enabled, but Disk Utility still doesn't give the option to erase or partition??

I've gone to a "nuke & page" script because 10.8's Disk Utility apparently changed something in the GUI such that nuking encrypted disks is difficult.

#!/bin/sh

# Author: Jared F. Nichols
# Purpose: Nuke and pave the first internal drive to prepare for imaging.

clear
echo "Do you wish to nuke the internal drive?"
echo "THERE IS NO RECOVERY FROM THIS!"
printf "Y/N? "
read response

case $response in
    Y|y|YES|yes|Yes|yEs|yeS|YEs|yES)
        echo
        echo
        sudo diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
        echo
        echo "Formatting complete."
        echo "Continue with Casper Imaging."
        echo
        echo
        exit 0 # Normal Exit
        ;;
    N|n|NO|no|No|nO)
        echo
        echo
        echo "Quitting"
        echo
        echo
        exit 1 # User quit
        ;;
esac

I save it as a .command file and toss it on the Dock so techs can launch it easy. It prompts for admin credentials, which they have.

We have a similar script in our imaging workflow as Jared's. The partitionDisk command will work no matter what type of encryption is in place. It blows the whole shebang away and flattens it to a single empty partition, ready for partitioning with Recovery HD and the main volume and imaging.

Yeah i am using lock down NetBoot with NetInstall LaunchPad, Finder is locked out and Terminal is disabled. So all I have is Disk Utility. Oh BTW Casper Imaging won't even start if the disk is encrypted!
But Target Mode and disk utility works fine!!?

I have added the Terminal into my NetBoot (Diskless) image and ran all the recommended methods as above but I am getting

Error: -69888: Couldn't unmount disk

any ideas?

oh btw netboot is 10.8.2

To use the GUI/disk utility, you have to unlock the drive first. Typing the code is super annoying.

Never mind. I already answered above.

@CasperSally
My Finder is disabled on NetBoot due to security reasons. I guess I will need the Finder huh?

@ fritz.schlapbach
Command returns with the error as in my previous post

i think you can partition the drive to 1 partition again from the gui without unlocking.

yep tried partitioning too....
I just enabled the Full Finder but as soon as I unlock the drive it locks it back!
Something weird going on

BTW I even formatted the drive using Target Mode. But still the same. I think I will use different OS to erase it and see how it goes.

Ok netbooted to my 10.6.8 image and managed to format it at first try. What is the catch if I build ML Mac but using the SL NetBoot? Would the image behave badly as it has been formatted with the previous version of diskutil?

I know the new Macs wouldn't boot from the SL. But we will only need to do this for re-imaging as I think the FV2 is the one causing this issue.

I netboot to 10.8.2 image created on 2012 macbook air and wipe FV2 keys ok via disk utility (after unlocking drive), for whatever that's worth.

@Cem are you sure you can unmount the disk from NetBoot at all? It sounds like you are having the same problem many have had with 10.8 NetBoot images as documented here:

https://jamfnation.jamfsoftware.com/discussion.html?id=5416#respond

I would try unmounting a drive while booted to your 10.8 NBI and see if you can. If you can't, then you are probably suffering from that issue.

Thanks stevewood that was it! All working now. rc.netboot file was blank!

@CasperSally - It's my experience that when booted to another resource with 10.8 - 10.8.2, you could use Disk Utility to erase the disk with ease. With 10.8.3, I am in agreement that you have to unlock the drive first, then reformat as non-encypted. For consistency and speed, I've added Jared's script to the desktop of our 10.8.3 netboot image.

@Jared, thanks for the script. I really like the name and can't explain why I smile every time look at it. I added a few features to the script that might be helpful to our techs.

#!/bin/sh

# Author: Jared F. Nichols
# Purpose: Nuke and pave the first internal drive to prepare for imaging.
# Reference:  https://jamfnation.jamfsoftware.com/discussion.html?id=5763
# Modified by Jason Halvorson
# - added displaying of drives and volumes (2013/04/24)
# - added second verification process prior to format drive (2013/04/24)
# - folded to the peer request to not use 'nuke and pave' in the dialog :( (2013/04/24)

clear
echo "Show all drives:"
echo
diskutil list
echo "-----"
echo 
echo "This script will reformat /dev/disk0 listed above."
echo "Be aware the list includes external and extra internal drives."
echo 
sleep 2
echo 
echo "If you are not certain which drive will be reformatted,"
echo "enter 'n' at the next prompt."
echo
echo "Do you wish to remove all partions and reformat the /dev/disk0 drive?"
echo "Type 'y' to continue with formatting or type 'n' to quit this tool."
printf "(y/n) "
read response

case $response in
    Y|y|YES|yes|Yes|yEs|yeS|YEs|yES)
        echo
        echo
        echo
            echo "All data will be erased from /dev/disk0 with zero chance of recovery."
            echo "Are you really sure you want to format it?"
            echo "Type 'sure' to continue with formatting or type 'exit' to quit this tool. "
            printf "(sure/exit) "
            read response2

            case $response2 in
            sure|Sure|SURE)
            echo
            echo
            sudo diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
            echo
            echo "The drive... "
            echo "  has been named 'Macintosh HD'"
            echo "  is formated as Mac OS X Extended (Journaled)"
            echo "  removed the recovery partition.  Now a single partition."
            echo 
            echo "Continue with Casper Imaging."
            echo
            echo
            exit 0 # Normal Exit
            ;;
            exit|EXIT|Exit|N|n|NO|no|No|nO)
            echo
            echo
            echo "No changes have been made to any drive(s). "
            echo
            echo
            exit 1 # User quit
            ;;
            esac
        echo
        exit 0 # Normal Exit
        ;;
    N|n|NO|no|No|nO)
        echo
        echo
        echo "No changes have been made to any drive(s)."
        echo
        echo
        exit 1 # User quit
        ;;
esac

@jhalvorson are you still using this process? can this be automated or your techs run this manually?

@wmateo, still use the script as a manual process. It's located on the desktop when our techs use Netboot. They have to manually click on the script to run it when it's needed.

I have noticed that with 10.9, it looks like you can erase a encrypted drive using Disk Utility. I think you have to unlock it first. By default Disk Utility will want to format the drive as "Mac OS Extended (Journaled, Encrypted)" and you'll need to change it to "Mac OS Extended (Journaled)".

I would not want to have the script run automatically, because there can be many variations of hard drives connected to the system. The tech might net boot, or boot from a external drive. They might also have another drive connected for backing up the user's data. I don't want to take chances at nuke and paving the wrong drive. That's also why the script includes the list of connected drive and informs the tech to be certain disk0 is the one you want formatted. With more effort in the script, I believe you could display the list of drives and prompt the tech for the correct drive to format.

@jhalvorson Thanks, yes, that is possible but with the NetInstall Creator the casper imaging app wont even run, because drive is not unlocked. so I have resorted to making my own NetBoot Image and including Diskutility in it.

Updated script to fix issue with error 69888 (couldn't umount disk)

#!/bin/sh

# Author: Jared F. Nichols
# Purpose: Nuke and pave the first internal drive to prepare for imaging.
# Reference:  https://jamfnation.jamfsoftware.com/discussion.html?id=5763
# Modified by Jason Halvorson
# - added displaying of drives and volumes (2013/04/24)
# - added second verification process prior to format drive (2013/04/24)
# - folded to the peer request to not use 'nuke and pave' in the dialog :( (2013/04/24)
# Modified by Erik Aulin
# - added unmountDisk to adress error 69888

clear
echo "Show all drives:"
echo
diskutil list
echo "-----"
echo
echo "This script will reformat /dev/disk0 listed above."
echo "Be aware the list includes external and extra internal drives."
echo
sleep 2
echo
echo "If you are not certain which drive will be reformatted,"
echo "enter 'n' at the next prompt."
echo
echo "Do you wish to remove all partions and reformat the /dev/disk0 drive?"
echo "Type 'y' to continue with formatting or type 'n' to quit this tool."
printf "(y/n) "
read response

case $response in
    Y|y|YES|yes|Yes|yEs|yeS|YEs|yES)
        echo
        echo
        echo
            echo "All data will be erased from /dev/disk0 with zero chance of recovery."
            echo "Are you really sure you want to format it?"
            echo "Type 'sure' to continue with formatting or type 'exit' to quit this tool. "
            printf "(sure/exit) "
            read response2

            case $response2 in
            sure|Sure|SURE)
            echo
            echo
            sudo diskutil unmountDisk force /dev/disk0
            sudo diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
            echo
            echo "The drive... "
            echo "  has been named 'Macintosh HD'"
            echo "  is formated as Mac OS X Extended (Journaled)"
            echo "  removed the recovery partition.  Now a single partition."
            echo
            echo "Continue with Casper Imaging."
            echo
            echo
            exit 0 # Normal Exit
            ;;
            exit|EXIT|Exit|N|n|NO|no|No|nO)
            echo
            echo
            echo "No changes have been made to any drive(s). "
            echo
            echo
            exit 1 # User quit
            ;;
            esac
        echo
        exit 0 # Normal Exit
        ;;
    N|n|NO|no|No|nO)
        echo
        echo
        echo "No changes have been made to any drive(s)."
        echo
        echo
        exit 1 # User quit
        ;;
esac

Hey is anybody seeing this with Sierra .3?

diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%
Started partitioning on disk0
Unmounting disk
Error: -69877: Couldn't open device
(Is a disk in use by a storage system such as AppleRAID, CoreStorage, or APFS?)

Hi @gachowski , I have seen this and was able to get around it by using "diskutil cs revert logicalvolumeidstring". "diskutil cs list" to get the ID. Once reverted, repartitioning worked. In my case, it was an unencrypted corestorage device.

I ran into it while netbooting and wiping a drive on a Mac mini.

-Dennis

@dmueller

Thanks Dennis, That got me focused and found my issue I had code for cs in my script, but it wasn't pulling the correct info... : )

C

[@dmueller](@dmueller)
I have been trying since one moth I could do nothing with the usb I try your solution but this what I got when I post the "diskutil cs list this "No CoreStorage logical volume groups found", I am feeling loose.

Hi @alex.villalta.10, you may need to unmount the drive first. Depending on what you see with "diskutil list", if the drive is disk0, you can try "sudo diskutil unmountDisk disk0" first, then try to repartition the drive. CoreStorage is typically seen with the fusion drives and those encrypted with FileVault2.

Hope this helps.

-Dennis

Hi, on Macbook Pro A1706 i had Firewault enabled drive. I did boot to Recovery mode. In terminal i ran the command " diskutil cs delete UUID " .
Then i did reboot. Well, i did not made new partition.

Now when i am trying to boot from USB device ( key ALT held on start ), it shows me USB with new OS. After selecting boot device, the " NO WAY " sign is shown.

What to do now please ?

I am able to boot to Internet Recovery, but i do not know, if i deleted whole disk, including icloud etc. because i forgot the password.

Thanks for advice, Lucas