System information

Parallels Mac Management Features
3 In the FileVault 2 Encryption Information dialog, enter the Mac's serial number or hardware
ID. Click Search.
4 If the Mac was previously encrypted through Parallels Mac Management, a dialog will open
containing the FileVault 2 encryption properties for this Mac.
5 Compare the value of the Institutional key property to the SHA1 fingerprint of the
certificate in a FileVaultMaster.keychain file.
Unlock the Disk Using the Institutional Recovery Key
Assuming that you have the correct FileVaultMaster.keychain file, do the following to unlock the
encrypted disk:
1 Boot your Mac from the Recovery HD partition by holding down Command-R.
2 Connect an external drive containing the original FileVaultMaster.keychain file.
3 Run Terminal (Application/Utilities). If the keychain is stored in an encrypted disk image, use the
following command to mount it:
$ hdiutil attach /path/to/diskImage
4 Use the following command to unlock the FileVaultMaster.keychain file:
$ security unlock-keychain /path/to/FileVaultMaster.keychain
5 Enter the Master Password to unlock the keychain. If the password is accepted, the command
prompt will return.
6 Use the following command to list the available Core Storage volumes:
$ diskutil cs list
7 Look for the UUID of a Logical Volume, usually the last in the list. Select and copy the UUID to
be used in the next step.
8 Use the following command to unlock the encrypted disk. Be sure to insert the UUID from the
previous step and the correct path to the keychain file:
$ diskutil cs unlockVolume UUID -recoveryKeychain /path/to/FileVaultMaster.keychain
9 When the command completes, the volume will be unlocked and mounted. You'll be able to
back up data using Disk Utility, or by using a command line tool such as ditto.
If the command fails, it is possible that the disk was re-encrypted by the Mac user or a third-party
program. You can compare the UUIDs of the volumes displayed by the diskutil cs
list command to the LVGUUID, LVUUID, and PVUUID values on the FileVault 2 tab of the
Mac Properties dialog (see the Retrieve Personal Recovery Key subsection above). The
values should match. If they don't, it means that the disk was re-encrypted, in which case the
recovery key stored in the keychain file will not work.
10 Once the disk is unlocked, you can decrypt it by running the following command:
$ diskutil cs revert UUID -recoveryKeychain /path/to/FileVaultMaster.keychain
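The UUID comparison described in step 9, as an added example that is not part of the Parallels guide: it checks saved diskutil cs list output against the LVGUUID, PVUUID, and LVUUID values recorded in the Mac Properties dialog. The function names, the sample output, and its UUIDs are constructed, and mapping those three values to the Logical Volume Group, Physical Volume, and Logical Volume entries is an assumption.

```sh
# Added example (not from the Parallels guide): constructed sample in the
# layout printed by `diskutil cs list`; every UUID here is made up.
sample_cs_list() {
cat <<'EOF'
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 11111111-AAAA-4AAA-8AAA-111111111111
    Name:         Macintosh HD
    |
    +-< Physical Volume 22222222-BBBB-4BBB-8BBB-222222222222
    |   Disk:     disk0s2
    |
    +-> Logical Volume Family 33333333-CCCC-4CCC-8CCC-333333333333
        Encryption Status:       Locked
        |
        +-> Logical Volume 44444444-DDDD-4DDD-8DDD-444444444444
            Disk:                  disk1
EOF
}

# has_uuid KIND UUID: succeed if stdin has an entry "<KIND> <UUID>". The UUID
# must follow KIND directly, so "Logical Volume" skips the Group/Family lines.
has_uuid() {
    want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'a-f' 'A-F')
    grep -Eo "$1 [0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}" |
        awk '{print toupper($NF)}' | grep -qxF "$want"
}

# verify_cs_uuids FILE LVGUUID PVUUID LVUUID (assumed mapping, see lead-in).
# FILE holds saved `diskutil cs list` output. Returns 1 if any recorded value
# is missing, the case the procedure attributes to re-encryption.
verify_cs_uuids() {
    rc=0
    for pair in "Logical Volume Group=$2" "Physical Volume=$3" "Logical Volume=$4"; do
        kind=${pair%%=*}; uuid=${pair#*=}
        if has_uuid "$kind" "$uuid" < "$1"; then
            echo "MATCH    $kind $uuid"
        else
            echo "MISMATCH $kind $uuid"; rc=1
        fi
    done
    return "$rc"
}

# Demo on the sample; on a real Mac fill the file with: diskutil cs list > "$f"
f=$(mktemp /tmp/cs_list.XXXXXX); sample_cs_list > "$f"
verify_cs_uuids "$f" 11111111-aaaa-4aaa-8aaa-111111111111 \
    22222222-BBBB-4BBB-8BBB-222222222222 44444444-DDDD-4DDD-8DDD-444444444444
rm -f "$f"
```

A nonzero return means at least one recorded value is absent from the listing, so the recovery key stored in the keychain file should not be expected to unlock that disk.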
FileVault 2 Encryption with Personal Recovery Key
This section describes how to create a FileVault 2 configuration item using a personal recovery key.