6 Replies
      Latest reply on Oct 6, 2015 5:09 AM by michael.dreves
      rtrouton Level 1 Level 1 (0 points)

        Question: On Yosemite, there is an issue where FileVault 2 will report "Encrypted Paused" during the encryption process, then never resume. It won't decrypt, and the only fix seemed to be deleting the CoreStorage volume.


        Is there a fix for this besides deleting the CoreStorage volume? For example, how to unpause and either resume encryption or decrypt?

         

         

        Answer:

         

        The "Encryption Paused" issue was addressed in 10.10.3. The root cause was a problem with resizing the CoreStorage volume. When the CoreStorage volume was unable to grow, the encryption was paused and could not resume until the resize issue was addressed.

         

        To fix this issue:

         

        1. Update your Mac to 10.10.3, or boot from an alternate drive which is running 10.10.3.

        2. Un-lock the encrypted drive if necessary

        3. Open Terminal

        4. Run the following command to get your Mac's disk identifier:

         

         

        diskutil list
        
        
        

         

         

        5. Once you have the disk identifier information, run the following command:

         

         

        sudo fsck_cs -y disk_identifier_goes_here
        
        
        

         

         

        6. fsck_cs should repair the CoreStorage volume and address the resizing issue. As part of the output, it should show that encryption is resuming.

         

        If this bug is still encountered and the above fix does not fix it, please run the following commands:

         

         

        csdiagnose
        
        
        
        sysdiagnose
        
        
        

         

         

        Both commands will generate diagnostic files. Once you have those files, file a bug report with Apple. After that point, back up your data and delete the CoreStorage volume (which will wipe the drive and remove all data.)

         

         

         

        Question: What is the RAID Assistant in El Capitan's Disk Utility and what can it do?

         

        Answer: RAID Assistant is not yet available in Developer Beta 1 (there's a mention of this in the release notes.) It's an assistant to walk people through the process of setting up striped or mirrored software RAIDs.

         

        For more complex configurations, you may still need to use the diskutil command.

        • Re: Filesystem Lab notes
          rtrouton Level 1 Level 1 (0 points)

          I asked about the new System Integrity Protection functionality and was told that I should ask about that in the Security labs, as it wasn't a filesystem issue. That  squares with other research I've been doing on System Integrity Protection, as I'm not seeing any immutable flags on files.

           

          Side note: One of the things protected by System Integrity Protection is /System/Library/CoreServices/DefaultDesktop.jpg. Also locked is /Library/Desktop Pictures/El Capitan.jpg

            • Re: Filesystem Lab notes
              timsutton Level 1 Level 1 (0 points)

              One thing that seems to be blocked is creating new files in /usr/bin. I've seen several installers which attempt to install files here fail, and trying to touch a file in /usr/bin/ results in a message: "Operation not permitted"

              • Re: Filesystem Lab notes
                rM4UtgoL Level 1 Level 1 (0 points)

                @rtrouton,


                For SIP / the security lab: Organizations may set a requirement to remove a previously-installed Java 6 JDK (especially on upgraded computers). It appears that specific directories (that may be protected) should be deleted. Not sure if removing items from /System/Library/Java/JavaVirtualMachines/ is possible.

              • Re: Filesystem Lab notes
                rtrouton Level 1 Level 1 (0 points)

                I asked the Filesystems lab guys about the CoreStorage volume creation by the OS installer in Yosemite and later. According to the engineers, the only reason for the CoreStorage volume creation by the OS installer in Yosemite and later is to support FileVault 2. I asked it was to support anything else and they said no.

                • Re: Filesystem Lab notes
                  michael.dreves Level 1 Level 1 (0 points)

                  MBP - OS X 10.11.1 (15B22c)

                   

                  Still problems with Filevault2 if configured and started on battery power.

                   

                  It's not possible to get the encryption started with the power adapter plubbed in. The state seems kind of frozen, retstart, logouts does not change the status which remains to report "Encryption paused"

                   

                  Everything under Security and Privacy/FileVault are very slow.

                   

                  Anyone has other suggestions than the ones suggestet in this threat?

                   

                  BR,

                   

                  /mic