Can’t re-enable FileVault after growing `system` partition

I recently disabled FileVault in order to grow my system partition. This ended up being rather more complicated than expected, but it worked out in the end.

Now that I have resized the system partition, I want to re-encrypt my drive, but I'm getting this error when I attempt to engage FileVault:

FileVault can't be turned on for the disk "system".

Some disk formats don't support the recovery partition required by encryption.
To use encryption, reinstall this version of Mac OS X on a reformatted disk.

This is strange, since the disk has a recovery partition — it was actually moved by Disk Utility in the process of growing the system partition. Here's what diskutil and gpt have to say about it:

$ diskutil list disk0
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *512.1 GB   disk0
   1:       Microsoft Basic Data                         134.2 MB   disk0s1
   2:       Microsoft Basic Data EFI                     209.7 MB   disk0s2
   3:                  Apple_HFS system                  511.1 GB   disk0s3
   4:                 Apple_Boot Recovery HD             650.1 MB   disk0s5

$ sudo gpt show /dev/disk0
       start        size  index  contents
           0           1         PMBR
           1           1         Pri GPT header
           2          32         Pri GPT table
          34      262144      1  GPT part - EBD0A0A2-B9E5-4433-87C0-68B6B72699C7
      262178        2014
      264192      409600      2  GPT part - EBD0A0A2-B9E5-4433-87C0-68B6B72699C7
      673792   998271624      3  GPT part - 48465300-0000-11AA-AA11-00306543ECAC
   998945416     1269760      4  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
  1000215176           7
  1000215183          32         Sec GPT table
  1000215215           1         Sec GPT header

Hmm, turns out I now have two EFI partitions. Apparently Disk Utility decided to change the partition type of my ext4 partition without consulting me. What a jerk.

EDIT: just noticed this related question. Not exactly the same, since that person is not trying to do full-disk encryption.

Best Answer

I decided to streamline the partitioning scheme as much as possible. I deleted my leading, unused partition, but this still didn't make it go.

Somehow the partition type of the EFI partition had gotten changed, so I decided to fix that. There doesn't seem to be any obvious way to do this from within OSX, so I rebooted off of a live Ubuntu boot image on a USB drive. I used gdisk to set the type of the EFI partition to EF, and confirmed that this had also correctly changed its GUID to the correct one for that partition type.

For some reason, under linux the names of the EFI and Recovery partitions had disappeared, so I set them back to the names shown above. I also confirmed that there was a FAT32 filesystem on the EFI partition. Apparently the EFI filesystem is technically a different one from FAT32 but I left it as it was.

And it worked! When I booted back to OSX, I ran Verify on the disk in Disk Utility, which recommended that I run Repair due to some "corruption" in the Recovery Partition, or perhaps just with its header. I ran Repair, which reported success, and was then able to initiate full-disk FileVault encryption.

Best Answer

Related Solutions

MacOS – Unable to login after accidentally powering down laptop as FileVault decryption of HDD was running

MacOS – Can’t modify partitions

Related Question