After a restore, macOS still requires the disk password. Here what happened:
First, I used diskutil
to format my disk as APFS encrypted and I set a disk password. Then, I installed macOS High Sierra (10.13.6) and restored a TimeMachine backup.
The restore succeed, but something went wrong with disk decryption permissions: now at boot the macOS ask for the disk password (that i know), and afterwards for the user password for my user called john
.
The only allowed user to decrypt the disk is a Disk user.
# diskutil apfs listcryptousers /dev/disk1s1
Cryptographic user for disk1s1 (1 found)
|
+-- 2FFF91FA-12A5-3F55-8252-85AAF1188EBA
Type: Disk User
and
# sysadminctl -secureTokenStatus john
2018-08-20 20:40:55.784 sysadminctl[3561:141251] Secure token is DISABLED for user John X.
Is there a way to allow the existing admin user john
to unlock the disk?
Best Answer
The most reliable way to solve this would be to decrypt your disk and then encrypt it using the Filevault settings page.