Damon Cortesi's blog

Musings of an entrepreneur.

Undoing FileVault

| Comments

As previously mentioned, I recently came into the possession of a MacBook pro. Always being the diligent student of security, I decided to enable FileVault for my home directory. Unfortunately, with the combination of Parallels and merging gigs of pcap files, the performance wasn’t really holding up and I decided to revert the process. Relying on the ease of use of Apple’s software, I went into my Security preferences and clicked “Turn off FileVault”. After entering the requisite passwords and dialog boxes, the system logged me out and began the process. A few moments later, I was greeted with this unfortunate message:

An error occurred An error occurred during decryption (An error occurred during copying ). FileVault will be turned on for this home folder and the home folder will still be encrypted.

An audible sigh escaped my lips as I realized this wasn’t going to be as easy as I hoped. A Google on the error message revealed pathetically few results (2, at the time of this writing…one in Japanese). Some more creative Google searches revealed some useful tips, but trying to repair or restore the filesystem both resulted in failure with cryptic error messages. It seemed the root of the problem was the result of filesystem corruption in the actual encrypted sparseimage that housed my home directory. One of the recommended courses of action included copying the contents of the encrypted image to another directory, deleting the user, and creating a new, replacement user. I really didn’t want to do this…so I came up with another way. These instructions are not verbose and some file permission munging was required, but this should give a general idea of how I solved the problem.

  • Create another account
  • Login to this second account
  • Create a new encrypted sparseimage of larger size than the current one and give it the same password
  • Mount both the old sparseimage (located in /Users/<user>) and the new one (~/usernew.sparseimage)
  • Copy the files over using tar: `cd /Volumes/<user>; tar cfp - ./* | (cd /Volumes/usernew; tar xfp -)`
  • There might be some errors, so that’s why I left the verbose flag out of tar - make sure critical files aren’t missing
  • Configure all files on the new filesystem to be owned by the proper user
  • Unmount the filesystems and move the new sparseimage to the old one:
  • mv /Users/<user>/.sparseimage /Users/<user>/.sparseimage.old && mv ~/usernew.sparseimage /Users/<user>/.sparseimage
  • Log out and back in as the original user
  • Try to disable FileVault again…it should work this time. :o)

I can already feel my hard drive breathing a sigh of relief.