Unlocking FV2 drive during imaging

andrewh
New Contributor II

Hi,

I recently built a Netboot server to image the computers in my environment. My Netboot image was created using AutoDMG and AutoCasperNBI. I use prestage imaging configurations based on serial number so the imaging process is as automated as possible. On a brand new Mac, imaging works as expected with no issues. However, when reimaging an existing Mac, I often run into an issue where the Netbooted OS asks for a password to unlock the internal "Macintosh HD". This is because all of our Macs are encrypted via FileVault 2.

I thought the "Local Account" section in the Install payload for the prestage configuration would unlock the encrypted drive so the imaging process could run with minimal interaction, but that doesn't seem to be the case; Casper Imaging always errors out, and I have to manually type the password in, delete the computer from inventory, flush the prestage config logs, and launch Casper Admin again for it to work.

Does anyone have any tips on being able to image a previously encrypted Mac without manually typing a password in to unlock the drive?

Thanks!

3 REPLIES

spotter
New Contributor III

This thread helped me a lot:
Reformatting a drive with FileVault2 enabled?

What I ended up doing is using Platypus to create an application that does nothing more than run a script when clicked:

diskutil partitionDisk /dev/disk0 1 gpt jhfs+ "Macintosh HD" 100%

It works perfectly for our techs...

Brad_G
Contributor II

I did the exact same thing as @Potter with a script in Platypus. I also included a step to force un-mount the disk before the partitioning. The script ends with commands to open Casper Imaging.

My Platypus-created app is set to run on startup of my NetBoot image. So it's a completely automated set of events for imaging my lab machines. Be careful of using this setup on non-lab machines, as my approach will nuke a drive without giving an option to bail.

mm2270
Legendary Contributor III

We use DeployStudio and do something similar as the first part of the imaging run after we select a config from DS RunTime. The script we use will reformat a regular drive, encrypted/locked drive, or CoreStorage but unlocked drive, as they are now coming with Yosemite pre-installed, so it should work in any scenario.
Then DS takes over and creates the necessary partitions, lays down the OS image and so on.

That said, it would be nice if there was a way to stop the message popping up on encrypted drives asking for the password to unlock it when we boot from our imaging drives, because we see this as well and typically need to dismiss it. I had hoped there was some MCX key like the DoNotOfferNewDisksForBackup Time Machine boolean, but as far as I can see, there is nothing that does that for FV2 drives. Some of our techs used to get confused by this and think they needed to unlock the drive first before re-imaging. Before we reworked our reformatting script, if they did unlock the drive it would cause problems with imaging, so that's why I'd love to suppress that dialog. It's actually better if the drive stays unmounted so it can do a proper reformat on it. You can always unlock the drive from Disk Utility later if needed.
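
As an added example (not code from any poster in this thread): a dry-run wipe planner for the three cases mm2270 lists, a regular drive, a locked FileVault 2 drive, and an unlocked CoreStorage drive. The function names, the `APPLY` variable, the sample text (constructed, modeled on `diskutil cs list` output), and the choice to remove the CoreStorage group with `diskutil cs delete` before repartitioning are assumptions; the `partitionDisk` line is the one posted above.

```sh
#!/bin/sh
# Added example: plan a pre-imaging wipe from `diskutil cs list` output.
# Dry run by default; commands are executed only when APPLY=1.

# Constructed sample, modeled on `diskutil cs list` for a locked FV2 drive.
SAMPLE_LOCKED='CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 11111111-2222-3333-4444-555555555555
    Name:         Macintosh HD
    +-> Logical Volume Family AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
        Encryption Status:       Locked
        Encryption Type:         AES-XTS'

# Print the UUID of the first logical volume group, or nothing if none.
lvg_uuid() {
    printf '%s\n' "$1" |
        sed -n 's/.*Logical Volume Group \([0-9A-Fa-f-]\{36\}\).*/\1/p' | head -n 1
}

# Classify the listing as: plain | cs-unlocked | cs-locked
disk_state() {
    if [ -z "$(lvg_uuid "$1")" ]; then echo plain; return 0; fi
    if printf '%s\n' "$1" | grep -Eq 'Encryption Status:[[:space:]]+Locked'; then
        echo cs-locked
    else
        echo cs-unlocked
    fi
}

# Emit the commands for this state, one per line. $1 = listing, $2 = device.
wipe_plan() {
    printf '%s\n' "diskutil unmountDisk force $2"
    case "$(disk_state "$1")" in
        cs-*) printf '%s\n' "diskutil cs delete $(lvg_uuid "$1")" ;;
    esac
    printf '%s\n' "diskutil partitionDisk $2 1 gpt jhfs+ \"Macintosh HD\" 100%"
}

# Only on a Mac: show the plan, and run it only when explicitly asked to.
if command -v diskutil >/dev/null 2>&1; then
    wipe_plan "$(diskutil cs list 2>&1)" "${TARGET_DISK:-/dev/disk0}" |
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd" </dev/null
        else echo "DRY RUN: $cmd"; fi
    done
fi
```

Leaving `APPLY` unset gives techs a chance to read the plan before anything is erased, which addresses the "no option to bail" concern raised for non-lab machines.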