Decrypting an APFS volume from the Terminal
I’ve been playing about with a Hackintosh desktop running High Sierra, but run into an interesting problem – the FileVault Preboot loader which asks you for the password to decrypt the APFS volume doesn’t recognise the USB keyboard by default.
Apparently there are ways to fix this by building the necessary drivers and inserting them into the Preboot volume, but as the drive in question is an m.2 NVMe disk, I didn’t have an easy way to put it into another computer which could mount APFS volumes.
I therefore decided that the quickest and simplest way to recover a working system was to temporarily decrypt the volume.
To do this, I booted the macOS installer from my UniBeast USB stick and launched the Terminal from Utilities->Terminal in the menu bar.
I found plenty of articles suggesting to use “fdesetup” to manage FileVault, however this utility doesn’t seem to be included in the macOS installer, so instead I had to work out how to accomplish this with the “diskutil” utility.
As I’m using APFS, everything takes place using the commands under “diskutil apfs”, however for older HFS+ formatted disks, the same thing should still be possible using the equivalent CoreStorage commands under “diskutil cs” (although I haven’t tested this, so the steps may be a little bit different).
Now lets take a look at the disks and volumes in this system:
diskutil apfs list
This gives you an ASCII tree view of your disks and their volumes along with various information about each of them.
Find the UUID (the 5 groups of letters and numbers separated by hyphens) for the volume that you want to decrypt – it will say “Encrypted: Yes (Locked)”.
Before we can decrypt the volume, first we need to unlock it:
diskutil apfs unlockVolume <UUID>
Enter your passphrase and the volume will be unlocked so that it can be accessed. This only unlocks the Volume whilst the computer is running however and won’t persist after a reboot.
To permanently decrypt the volume, run:
diskutil apfs decryptVolume <UUID>
This will start the decryption of the volume in the background.
You can run “diskutil apfs list” again to see the progress. Instead of the previous “Encrypted:” line, you should now see “Decryption Process: 1.0% (Unlocked)”.
Depending on the size of the volume in question, it could take quite some time to complete the decryption.
Once completed, the progress line in the output of “diskutil apfs list” will have been replaced with “Encrypted: no”. At this point it’s safe to boot back into normal macOS.
