MacOS – Why are some users visible with encrypted system partition on macOS Sierra

encryptionfilesystemfilevaultmacospartition

I performed a fresh install of macOS Sierra onto a 2012 MBP13 non-Retina SSD. The install was from a USB flashdrive installer, and I set up the system drive partitions manually with a case-sensitive encrypted system volume, a FAT partition that I later installed Windows on, and a case-insensitive unencrypted volume for Steam data (Steam doesn't work for some reason, but that's another question!)

Partition map while MacOS is running:

aluminum:Downloads dhm$ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage Aluminum                319.8 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
   4:       Microsoft Basic Data BOOTCAMP                146.3 GB   disk0s4
   5:                  Apple_HFS Steam                   32.9 GB    disk0s5

/dev/disk1 (internal, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Aluminum               +319.5 GB   disk1
                                 Logical Volume on disk0s2
                                 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
                                 Unlocked Encrypted

During MacOS installation, I created a user account. Then afterward, I created two more. Now, when I reboot, I can choose MacOS or Windows (no recovery option). When I boot MacOS, I get a chooser that offers "Enter Disk Password," "User 2" and "User 3" (No choice to log into the account I made during installation.)

If I enter the disk password, then I get "User 1," "User 2" and "User 3," and everything works as expected. If I don't enter the disk password and just log in as "User 2" or "User 3," I get a desktop but things don't work right (lots of "Please fix the library" messages.)

My questions:

Why can I log in as "User 2" or "User 3" even without entering the disk password? (I would expect all the system-partition information to be encrypted, but it looks like there's at least some unencrypted information lying around.)
What's the difference between this setup and the alternative "Do a normal, unencrypted install, then turn on FileVault?"
Where can I read more about the various methods macOS uses to support multiple partitions, encrypted partitions, logical volumes & so forth?

Best Answer

Not sure what the "please fix the library" message means but all of your data is encrypted on the boot partition. You can use a disk password, recovery key or allowed user passwords to unlock a FileVault disk.

When you do it the "normal way" as you mentioned above you won't end up with a disk password. No big deal.

It sounds like User 1 isn't allowed to unlock the disk in this case. You can use the fdesetup command for things like this. For example, to see which users are allowed to unlock the disk:

$ sudo fdesetup list
Password:
macmanager, 51361A22-B6F2-4384-8E0D-F4973BE74957

While logged in as any user you can look in System Preferences > Security & Privacy > FileVault and if some users aren't allowed to unlock the disk there will be a warning with a button to enable users.

You can also use fdesetup to add users to the list, assuming you know their password:

$ sudo fdesetup add -usertoadd davem
Enter a password for '/', or the recovery key:
Enter the password for the added user 'davem':

Related Solutions

MacOS – Can’t modify partitions

Thanks @Tetsujin. The listing looked a little screwy so I was a little hesitant to go mucking around with the command-line diskutil. But I ended up doing a

diskutil corestorage list

and then

diskutil corestorage delete [UUID of 50GB Logical Volume Group]

GUI Disk Utility correctly saw the 50 GB of empty space as part of the other Logical Volume Group and I was able to delete it and merge it back in fine.

I think I messed up the Fusion Drive on the 1TB iMac (with BootCamp)

Theoretically everything is fine with your Fusion Drive. Fusion Drives look like this. Disk0 is your SSD with 121 GB and disk1 is your HDD with ~1 TB (~1.121 TB summed up).

The larger parts of your SSD (disk0s2) and your HDD (disk1s2) are pooled to a CoreStorage LVG (Fusion Drive: disk3) with a size of 967.8 GB. The rest is reserved for EFIs, a Recovery HD (alltogether ~1.3 GB) and your old Windows partition - now probably free space (~152 GB).

The logical volume 'Macintosh HD' (967.8 GB) spans disk0s2 and disk1s2. This is the first 'Macintosh HD' in picture 1. The volume 'Macintosh HD' - it's the one visible on the desktop - should ideally also have about 967.8 GB. This is the second 'Macintosh HD' in picture 1.
In fact it has only 852.67 GB (see picture 3).

In the second picture the logical volume 'Macintosh HD' is the first listed in black, the volume 'Macintosh HD' is the second listed in black, the other two 'Macintosh HD's listed in grey are the parts of your SSD and HDD dedicated to the logical volume 'Macintosh HD'.

In my opinion something went wrong after deleting various partitions with the Bootcamp Assistant/Disk Utility or in Windows.

Preparation:

Detach any external drive (especially your external Time Machine backup drive)
Restart to Internet Recovery Mode by pressing alt cmd R at startup.
The prerequisites are the latest firmware update installed, either ethernet or WLAN (WPA/WPA2) and a router with DHCP activated.
On a 50 Mbps-line it takes about 4 min (presenting a small animated globe) to boot into a recovery netboot image which usually is loaded from an apple/akamai server.

I recommend ethernet because it's more reliable. If you are restricted to WIFI and the boot process fails, just restart your Mac until you succeed booting.

Alternatively you may start from a bootable installer thumb drive (preferably Mavericks or Yosemite) or a thumb drive containing a full system (preferably Mavericks or Yosemite).

Now you may either repair CoreStorage or rebuild your Fusion Drive:

'Repair CoreStorage' (not recommended):

First i would try to check the volume 'Macintosh HD' with Disk Utility. If the volume is corrupted consider a reinstall of Mac OS X.
If the volume is ok quit Disk Utility
Open Terminal and enter diskutil unmountDisk /dev/LVIdentifier and both diskutil unmountDisk /dev/DiskContainingApple_CoreStorageIdentifier
In your case: first diskutil unmountDisk /dev/disk3 then diskutil unmountDisk /dev/disk0 and diskutil unmountDisk /dev/disk1
remove the EFI NO NAME partition with gpt remove -i IndexNumberOfEFINoName DiskIdentifier:
gpt remove -i 4 disk1
Remount the CoreStorage disks and then the Logical Volume:
In your case: first diskutil mountDisk /dev/disk0 and diskutil mountDisk /dev/disk1 and then diskutil mount /dev/disk3.

enter gpt -r -vvv show /dev/diskIdentfierOfApple_CoreStorage to get infos of your HDD CoreStorage disk.
In your case: gpt -r -vvv show /dev/disk1
It should look like this:

-bash-3.2# gpt -r -vvv show /dev/disk1
gpt show: /dev/disk1: mediasize=1000204886016; sectorsize=512;         blocks=1953525168
gpt show: /dev/disk1: PMBR at sector 0
gpt show: /dev/disk1: Pri GPT at sector 1
gpt show: /dev/disk1: GPT partition: type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, start=40, size=409600
gpt show: /dev/disk1: GPT partition: type=53746F72-6167-11AA-AA11-00306543ECAC, start=409640, size=1671210848
gpt show: /dev/disk1: GPT partition: type=426F6F74-0000-11AA-AA11-00306543ECAC, start=1671620488, size=1269760
gpt show: /dev/disk1: Sec GPT at sector 1953525167                               
     start          size  index contents                                        
         0             1        PMBR                                            
         1             1        Pri GPT header                                  
         2            32        Pri GPT table                                   
        34             6
        40        409600      1 GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
    409640    1671210848      2 GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
1671620488       1269760      3 GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
1672890248     280634887
1953525135            32        Sec GPT table
1953525167             1        Sec GPT header

The free space on your HDD has 280634887 blocks. Please calculate the biggest block number dividable through 8. That's 280634880 blocks (á 512 bytes) which equals 143685058560 B or ~143.7 GB. Add the size of your HDD CoreStorage Physical Volume (852666400768 B) The result is 143685058560 B + 852666400768 B = 996351459328 B
Resize your HDD CoreStorage physical volume with diskutil cs resizeDisk HDDPVUUID newsize
In your case: diskutil cs resizeDisk 93892BE8-2B7F-4ABD-A4C3-984495DCD98D 996351459328b
Calculate the maximal size of your CoreStorage Logical Volume in diskutil cs list: (size disk0s2) + (size disk1s2) In your case that's 120988852224 B + 996351459328 B = 1117340311552 B. That should be the size of your refreshed Logical Volume Group.
Resize your Logical Volume with diskutil cs resizeVolume LVUUID LVGSize-128 MB In your case that's diskutil cs resizeVolume D237FFDC-7DA4-41D7-AC13-4CC7E5E8C0A0 1117212311552b. If you get an error (There is not enough free space...) choose a smaller size like 1117148311552b.
Quit Terminal and open Disk Utility.
Check your expanded CoreStorage Volume for errors.
Quit Disk Utility, choose your CS volume as startup disk and restart your Mac

'Rebuild Fusion Drive' (recommended if you have a Time Machine backup)

Booted to Internet Recovery Mode open Utilities → Terminal in the menubar and enter:
diskutil cs list to get the CoreStorage listing.
Copy the Logical Volume UUID, it's the fifth listed.
Now delete the Logical Volume with diskutil cs deleteVolume LVUUID.
In your case: diskutil cs deleteVolume D237FFDC-7DA4-41D7-AC13-4CC7E5E8C0A0.
Copy the Logical Volume Group UUID, it's the first listed in the listing of diskutil cs list.
Then delete the Logical Volume Group with diskutil cs delete LVGUUID.
In your case: diskutil cs delete 1EFE58BC-3613-44C4-86EE-D816F3B66E3E
Enter exit and quit 'Terminal'
Open 'Disk Utility'. Enter 'Ignore' if you are asked to fix the drives.
Choose your SSD and partition it: 1 Partition Mac OS X Extended (Journaled), hit the Options button and choose GUID Partiton table and hit OK and Apply.
Please check that the size is ~121 GB

Example:
Choose your HDD and partition it: 1 Partition Mac OS X Extended (Journaled), hit the Options button and choose GUID Partiton table and hit OK and Apply.
Please check that the size is ~1 TB

Example:
Quit Disk Utility and open Terminal
Enter diskutil list

Example (your disk identifiers and sizes are different of course: Your volume SSD probably has the Identifier disk0s2 and the size 121 GB and your volume HDD probably has the Identifier disk1s2 and the size 1.0 TB):
Enter diskutil cs create "Name" IdentifierSSD IdentifierHDD
In your case probably diskutil cs create "Macintosh HD" disk0s2 disk1s2.

Copy the resulting LVGUUID

Example:
Enter diskutil cs CreateVolume LVGUUID jhfs+ "Macintosh HD" 100%.

Example:
Enter diskutil cs list
Check the size of your Logical Volume. It should have the size ~1.121 TB

Example:
Quit Terminal
Open 'Disk Utility' and check your newly created volume for errors
Quit 'Disk Utility'
Attach your external Time Machine backup drive or check this answer if you use NAS or another network share.
Open 'Restore from Time Machine Backup'
Choose the appropriate Time Machine backup and restore your system
Reboot to your restored system.
Unmount and detach your Time Machine backup drive
Open 'Terminal' and enter 'diskutil list'
Check if your 'Recovery HD' is listed.
If your 'Recovery HD' is missing, usually reinstalling your current system with the latest available system installer (e.g. 'Install OS X Mavericks (10.9.5)' if Mavericks is currently installed) will recreate it without loosing any data. AFAIK Recovery Partition Creator 3.8 will NOT create a Recovery HD on CoreStorage volumes.
After reinstalling the system with the latest available system installer open App Store and install the latest security fixes.

Best Answer

Related Solutions

MacOS – Can’t modify partitions

I think I messed up the Fusion Drive on the 1TB iMac (with BootCamp)

Related Question