OS X: Recovering a FileVault 2 Partition from the Command Line

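FileVault 2 requires a Recovery HD partition, because it depends on that partition for the first stage of booting. If the Recovery HD partition is deleted at some later point, deliberately or by mistake, the machine will no longer boot. Is it enough to recreate a Recovery HD using Apple's method? In principle, no: remember the key from when the disk was encrypted? It is lost as well, and without it the volume cannot be decrypted. So we need another way to recover.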


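General steps:

FileVault 2 is built on the CoreStorage logical volume management technology, so CoreStorage is where we start.

First, look at what an encrypted disk turns into. Note the line that reads Unlocked; it comes up again later: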

 

$ diskutil coreStorage list
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 26B67367-CF79-4D1E-884C-BB96FDD79D19
    =========================================================
    Name:         FileVault
    Sequence:     1
    Free Space:   0 B (0 B)
    |
    +-< Physical Volume A446F211-3BCB-47F4-8EB2-7174AF4CD408
     |   ----------------------------------------------------
     |   Index:    0
     |   Disk:     disk4s2
     |   Status:   Online
     |   Size:     9896046592 B (9.9 GB)
     |
     +-> Logical Volume Family 8D077574-ADC1-4979-9F1E-FF901FC20D86
        ----------------------------------------------------------
        Sequence:               8
        Encryption Status:      Unlocked
        Encryption Type:        AES-XTS
        Encryption Context:     Present
        Conversion Status:      Complete
        Has Encrypted Extents:  Yes
        Conversion Direction:   -none-
        |
        +-> Logical Volume BD95F022-812D-366A-909C-286E5443D88E
            ---------------------------------------------------
            Disk:               disk5
            Status:             Online
            Sequence:           4
            Size (Total):       125505781760 B (125.5 GB)
            Size (Converted):   125505781760 B (125.5 GB)
            Revertible:         Yes (unlock and decryption required)
            LV Name:            FileVault
            Volume Name:        FileVault
            Content Hint:       Apple_HFS


This is what it looked like originally:

 

 

$ diskutil info disk0s2
   Device Identifier:        disk0s2
   Device Node:              /dev/disk0s2
   Part of Whole:            disk0
   Device / Media Name:      Macintosh HD

   Volume Name:              Macintosh HD
   Escaped with Unicode:     Macintosh%FF%FE%20%00HD

   Mounted:                  Yes
   Mount Point:              /
   Escaped with Unicode:     /

   File System Personality:  Journaled HFS+
   Type (Bundle):            hfs
   Name (User Visible):      Mac OS Extended (Journaled)
   Journal:                  Journal size 16384 KB at offset 0x1ab63000
   Owners:                   Enabled

   Partition Type:           Apple_HFS
   OS Can Be Installed:      Yes
   Media Type:               Generic
   Protocol:                 SATA
   SMART Status:             Verified
   Volume UUID:              BD95F022-812D-366A-909C-286E5443D88E

   Total Size:               125.5 GB (125505781760 Bytes) (exactly 245128480 512-Byte-Blocks)
   Volume Free Space:        62.2 GB (62152081408 Bytes) (exactly 121390784 512-Byte-Blocks)
   Device Block Size:        512 Bytes

   Read-Only Media:          No
   Read-Only Volume:         No
   Ejectable:                No

   Whole:                    No
   Internal:                 Yes
   Solid State:              No

 


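None of the rest matters. What matters is its Volume UUID, that is, "BD95F022-812D-366A-909C-286E5443D88E".

Do not forget the key from encryption time either; it is the value passed to -passphrase in the commands below.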


Now decrypt with the following command:

 

$ diskutil coreStorage revert BD95F022-812D-366A-909C-286E5443D88E -passphrase 2NTO-LQGA-RMXG-LFQO-B8NR-XTCT


After decryption it looks like this:

$ diskutil coreStorage list
No CoreStorage logical volume groups found

 


Locked volumes

Note: from 10.8.4 onward, every encrypted FV2 disk is locked (Locked), which shows up in the output of the list command:

 

Encryption Status:      Locked


In that case the volume has to be unlocked before it can be decrypted:

 

 

$ diskutil coreStorage unlockVolume BD95F022-812D-366A-909C-286E5443D88E -passphrase 2NTO-LQGA-RMXG-LFQO-B8NR-XTCT
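
The unlock-then-revert sequence above, as an added example that is not part of the original post: it reads the Encryption Status for a given logical volume UUID, decides whether unlockVolume has to run first, and passes the key on standard input instead of as a -passphrase argument, where it would be visible in the process list and shell history. The function names are hypothetical, the embedded listing is a trimmed copy of the page's output with the status set to Locked, and -stdinpassphrase is assumed to be supported by the installed diskutil.

```bash
#!/bin/bash
# Added example (not from the original post). Field names follow the
# `diskutil coreStorage list` output shown on this page.

# Trimmed listing in the page's layout; status set to Locked for the demo.
sample_listing() {
  cat <<'EOF'
+-- Logical Volume Group 26B67367-CF79-4D1E-884C-BB96FDD79D19
     +-> Logical Volume Family 8D077574-ADC1-4979-9F1E-FF901FC20D86
        Encryption Status:      Locked
        +-> Logical Volume BD95F022-812D-366A-909C-286E5443D88E
EOF
}

# Read a coreStorage listing on stdin; print the Encryption Status of the
# family that contains logical volume $1. Exit 1 if the LV is not listed.
lv_encryption_status() {
  awk -v lv="$1" '
    /Logical Volume Family/ { status = "" }
    /Encryption Status:/    { status = $NF }
    /Logical Volume [0-9A-Fa-f-]+$/ && $NF == lv { print status; found = 1; exit }
    END { if (!found) exit 1 }'
}

# Map a status to the diskutil verbs to run, in order.
revert_steps() {
  case "$1" in
    Locked)   echo "unlockVolume revert" ;;
    Unlocked) echo "revert" ;;
    *)        return 1 ;;
  esac
}

# Prompt for the key without echo and feed it on stdin, so it never appears
# in argv or shell history. Assumes this diskutil accepts -stdinpassphrase.
decrypt_lv() {
  local lv="$1" status steps verb key
  status=$(diskutil coreStorage list | lv_encryption_status "$lv") ||
    { echo "LV $lv not found" >&2; return 1; }
  steps=$(revert_steps "$status") ||
    { echo "unexpected status: $status" >&2; return 1; }
  read -r -s -p "Recovery key: " key; echo
  for verb in $steps; do
    printf '%s' "$key" | diskutil coreStorage "$verb" "$lv" -stdinpassphrase || return 1
  done
}

if [ $# -eq 1 ]; then decrypt_lv "$1"; fi
```

Run it with the logical volume UUID as the only argument; with no argument it only defines the functions.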


What about a FileVaultMaster.keychain file?

 

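If FileVaultMaster.keychain was used at encryption time, it is the only thing that can decrypt the volume.

First, locate it and unlock it so that it is open in memory: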

 

security unlock-keychain /path/to/FileVaultMaster.keychain


Then replace "-passphrase 2NTO-LQGA-RMXG-LFQO-B8NR-XTCT" in the commands above with "-recoveryKeychain /path/to/FileVaultMaster.keychain".

 


 
