Encrypting your data is a good idea for anyone, but the firm handles confidential material. So it’s extra important that we keep our info on lockdown. This is easier in some operating systems than others. I used to think encryption in a Mac was easy, but after this FileVault issue my position has changed a bit.
We have a couple Mac OS X Servers running 10.8.3 (Mountain Lion). The purpose is for one of them to be the mail server (and possibly some other services) and the other is to be a failover. Due to the security considerations mentioned above, these servers need to be encrypted.
Thanks to FileVault, a feature in Mac OS, encryption is supposed to be simple. You just go into the System Preferences app, open “Security & Privacy,” and then click a button to turn FileVault on or off.
After clicking the button to turn it on, your computer will give you a Recovery Key and will ask if you want Apple to save a copy in case you lose it. Then you will need to restart your computer to begin the encryption process.
That’s where I started to have a problem.
In the past when I’ve encrypted Mac hard drives, it’s taken several hours. So after I clicked the button to restart the server, I started working on something else — assuming that it would just go about its business.
I was wrong.
It wasn’t until a few hours later that I realized that not only was the computer not encrypting anything, it wasn’t even turned on. I attempted to power it on and connect via screen sharing (since it isn’t normally connected to a monitor). I waited and waited, but it never showed up in my Finder window.
I hooked it up to a monitor to see what was going on. It was stuck on the Apple logo screen that is supposed to display only when the computer is booting. It had been on this screen for about half an hour, so I knew there was a problem.
How to Boot a Mac into Safe Mode
I searched around and found that some people had luck rebooting into Safe Mode so that they could at least get the system up and running. From there you can take a look at the Console app and other diagnostic utilities to try to solve some problems.
Fortunately, booting into Safe Mode is pretty straightforward:
- Turn off your Mac
- Wait 30 seconds
- Hold down the shift key and keep it held down
- Turn on your Mac
- Wait for the Apple logo screen to show up
- Release the shift key
At this point, something that appears to be some sort of status bar will show up under the Apple logo and after a minute or two the system will boot into Safe Mode.
If it takes a bit longer than normal to boot, don’t worry too much; Safe Mode typically takes longer to boot than normal startup.
The FileVault Issue Persists
When I was in Safe Mode, I opened System Preferences to see if FileVault had been successfully turned on or not. I was not too surprised to see that it was not.
I rebooted normally (which worked this time) and tried to turn on FileVault again, but once again I had the same exact problem. I booted back into Safe Mode and then rebooted normally again just to get back to a working system.
With some more searching I found the solution: I needed to reset my NVRAM (that’s what it’s called on Intel-based Macs; if you’re on a PowerPC-based Mac it’s called PRAM).
How to Reset NVRAM and PRAM
As usual, identifying the solution was harder than implementing it with this FileVault issue. Resetting your NVRAM or PRAM is not anymore complicated than booting into Safe Mode.
- Turn off your Mac
- Wait 30 seconds
- Hold down the Command, Option, “P,” and “R” keys on your keyboard simultaneously
- Turn on your Mac (if your hands are busy holding down keys, you might need to ask a friend to hit the power button)
- Listen for the startup chime but keep holding the keys down
- When you hear the second chime, release the keys
When I reset my NVRAM, the Mac OS X Server I was working on actually chimed for a third time, but even so that trick worked. I was able to activate FileVault and start the hard drive encryption without rendering the machine un-bootable.
If you’re having an issue with FileVault on your Mac OS X Server, this might be your solution as well.