
I performed a fresh install of macOS Sierra onto a 2012 MBP13 non-Retina SSD. The install was from a USB flash drive installer, and I set up the system drive partitions manually with a case-sensitive encrypted system volume, a FAT partition that I later installed Windows on, and a case-insensitive unencrypted volume for Steam data (Steam doesn't work for some reason, but that's another question!)

Partition map while macOS is running:

aluminum:Downloads dhm$ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage Aluminum                319.8 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
   4:       Microsoft Basic Data BOOTCAMP                146.3 GB   disk0s4
   5:                  Apple_HFS Steam                   32.9 GB    disk0s5

/dev/disk1 (internal, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Aluminum               +319.5 GB   disk1
                                 Logical Volume on disk0s2
                                 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
                                 Unlocked Encrypted

During macOS installation, I created a user account. Then afterward, I created two more. Now, when I reboot, I can choose macOS or Windows (no recovery option). When I boot macOS, I get a chooser that offers "Enter Disk Password," "User 2" and "User 3" (No choice to log into the account I made during installation.)

If I enter the disk password, then I get "User 1," "User 2" and "User 3," and everything works as expected. If I don't enter the disk password and just log in as "User 2" or "User 3," I get a desktop but things don't work right (lots of "Please fix the library" messages.)

My questions:

  • Why can I log in as "User 2" or "User 3" even without entering the disk password? (I would expect all the system-partition information to be encrypted, but it looks like there's at least some unencrypted information lying around.)

  • What's the difference between this setup and the alternative "Do a normal, unencrypted install, then turn on FileVault?"

  • Where can I read more about the various methods macOS uses to support multiple partitions, encrypted partitions, logical volumes & so forth?

1 Answer

Not sure what the "please fix the library" message means, but all of your data is encrypted on the boot partition. You can use a disk password, recovery key or allowed user passwords to unlock a FileVault disk.

When you do it the "normal way," as you mentioned above, you won't end up with a disk password. No big deal.

It sounds like User 1 isn't allowed to unlock the disk in this case. You can use the fdesetup command for things like this. For example, to see which users are allowed to unlock the disk:

$ sudo fdesetup list
Password:
macmanager, 51361A22-B6F2-4384-8E0D-F4973BE74957

While logged in as any user, you can look in System Preferences > Security & Privacy > FileVault, and if some users aren't allowed to unlock the disk, there will be a warning with a button to enable users.

You can also use fdesetup to add users to the list, assuming you know their password:

$ sudo fdesetup add -usertoadd davem
Enter a password for '/', or the recovery key:
Enter the password for the added user 'davem':
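
An added example, not part of the answer above: a shell helper that compares fdesetup list output with the local account list and reports which accounts are not enabled to unlock the FileVault volume. Taking local accounts from dscl . -list /Users UniqueID, treating UID 501 and up as regular users, and the sample usernames and UUIDs are all assumptions of this example.

```shell
#!/bin/sh
# Added example: report local accounts that are NOT FileVault-enabled.

# Print usernames from `fdesetup list` output (one "name,UUID" per line).
fv_enabled_users() {
    printf '%s\n' "$1" | awk -F',' 'NF >= 2 {
        gsub(/^[ \t]+|[ \t]+$/, "", $1)   # tolerate stray spaces
        if ($1 != "") print $1
    }'
}

# Print regular local accounts from `dscl . -list /Users UniqueID` output.
# Assumption: regular users have UID >= 501; service accounts start with "_".
local_login_users() {
    printf '%s\n' "$1" |
        awk '$2 ~ /^[0-9]+$/ && $2 >= 501 && $1 !~ /^_/ { print $1 }'
}

# Print local accounts that are missing from the FileVault-enabled list.
# $1: `fdesetup list` output   $2: `dscl . -list /Users UniqueID` output
fv_missing_users() {
    enabled=$(fv_enabled_users "$1")
    local_login_users "$2" | while IFS= read -r user; do
        # -F fixed string, -x whole line: no regex or prefix matches
        printf '%s\n' "$enabled" | grep -Fxq -- "$user" || printf '%s\n' "$user"
    done
}

# Constructed sample data (not from a real machine); names are hypothetical.
SAMPLE_FDE='user2,11111111-2222-3333-4444-555555555555
user3, AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'
SAMPLE_DSCL='_www          70
daemon        1
nobody        -2
root          0
user1         501
user2         502
user3         503'

fv_missing_users "$SAMPLE_FDE" "$SAMPLE_DSCL"   # prints: user1

# Live use on a Mac (needs admin rights):
#   fv_missing_users "$(sudo fdesetup list)" "$(dscl . -list /Users UniqueID)"
```

Any account it prints will not appear at the pre-boot unlock screen until it is enabled, for example with the fdesetup add command shown in the answer.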
