I use FileVault to encrypt all my disks. Lately I had problems restarting my MacBook. After restart, the keyboard and mouse froze at login, making it impossible to login or do anything. It appeared that the solution was to disable FileVault in recovery mode. After that I could login and it all seemed to work.
See MacBook startup problems – mouse and keyboard not working at login / stuck on apple logo
Not long after that I thought to enable Filevault again, and so I did. This was not a good idea. I enabled it, I saw a recovery code that I copied into my Keepass database on the Mac, and restarted. Right after that I got the same problem with frozen keyboard and mouse. So I tried to go back by disabling FileVault, except now my password didn't work anymore.
When I enabled FileVault, no password was asked, so I assumed it would use the same password as I use for login. It works not that way. I can go into recovery mode, enter my password, which works, then try to unlock the disk, which doesn't work. It says: incorrect password.
Backups
I do have several backups, with Time Machine and I have an image of the system disk copied to another disk. This is encrypted as well of course, but that is from before disabling and enabling FileVault, so the old password should work there. I tried to restart pressing C to select the startup disk, but that didn't work as intended.
Questions
- How can I startup from that other disk? I could even use a clean disk with a fresh system if needed.
- What happened to the password when enabling FileVault?
- Is there another way to fix the password issue?
- Can I make a backup of the system disk before erasing it, if I decide to reinstall? If necessary I can even boot into Linux. If so, how?
Best Answer
I had an image of the system disk on an external harddisk. This image was encrypted. I started up in recovery mode with this disk connected, and selected it as boot partition.
After rebooting, it turned out that the problem I had with booting an encrypted partition happened once again. I rebooted once again into recovery mode, then selected this partition, and selected the bottom option (keyboard not working when trying to login). This option decrypts the partition. Another restart, and I could login to the system on this external partition.
Once logged in, I could unlock the internal system disk, which was not possible anymore after I re-enabled encryption last week. Now I could use Superduper to copy the internal disk to a second external disk, which is unencrypted. After completing this, I could reboot from this disk, which was an up-to-date system. This is a rather slow HDD, even with USB3, compared to the internal SSD. Booting takes ages.
Having this setup, I could copy the system back to the internal SSD, unencrypted.
This Macbook Pro Retina (2015) has 2xUSB3 and an internal 120GB SSD. The setup was as follows:
Superduper actions:
The second step took 3 hours for 100GB. I then removed some folders which were not important, after which 80GB remained. It took 16 hours to complete step 4. I don't understand this, but I'll create another question about this.
All in all, I have a working system right now, although unencrypted, and for the time being I'm not going to encrypt again. Options are to create an external test SSD with a copy of the current OS, stripped down, encrypt that and see how that works out. Another option is to install from scratch, encrypted, and see how that works out, while keeping a synced SSD available.