If you’re a Mac user concerned about their data privacy, you might be familiar with FileVault.
If you’re using an older Mac, you might even be using the original FileVault — if you don’t have macOS 10.13 High Sierra installed, of course.
The older version of FileVault isn’t supported by newer macOS updates. But there is a noted bug that, although rare, can have some serious consequences. Basically, it can permanently lock you out of your user account.
FileVault & FileVault 2
The original FileVault, now called legacy FileVault, was first released in OS X Panther.
Basically, legacy FileVault protected a user’s home directory by way of an encrypted sparse disk image. But it had its limitations. For example, it only allowed users to encrypt their home directory.
Apple released a new FileVault in OS X Lion 10.7.4. FileVault 2, which is now just called FileVault, is completely redesigned.
Instead of using a sparse disk image, FileVault encrypts a user’s entire startup volume. It then uses a specialized startup procedure to decrypt that volume. In other words, it’s full disk encryption and a lot better than legacy FileVault.
Still, Apple continued to offer legacy FileVault in subsequent releases.
Users simply had to turn it on by going to System Preferences —> Security & Privacy —> FileVault. Enabling it was as simple as de-checking the Turn Off Legacy FileVault toggle.
Despite the continued support, Apple was presumably planning to phase out legacy FileVault at one point or another. As of macOS 10.13, it has.
Legacy FileVault on macOS 10.13
macOS 10.13 officially kills off support for legacy FileVault. It’s simply not usable with the operating system. If you have High Sierra installed, you won’t see the option to toggle FileVault (see above).
Because of that, users can’t even install macOS 10.13 without first disabling legacy FileVault. But, of course, bugs can happen.
As indicated in a recent Macworld article, if macOS 10.13 is installed on a system, any active legacy FileVault drives or user accounts become unusable.
Users will be greeted with a message indicating that they cannot log into the FileVault user account because “legacy FileVault is not supported on macOS 10.13 and above.”
You shouldn’t be able to find yourself in this predicament. But if you are, you probably feel kind of stuck. Truthfully, since it’s unintended behavior, there aren’t many options to fix it.
A Quick Side Note
Before we get to accessing Legacy FileVault files on macOS High Sierra, here’s a quick side note. Basically, some users have trouble installing macOS 10.13 even if they do not have FileVault enabled.
An error message will pop up indicating that macOS 10.13 is incompatible with a FileVault account — again, even if the account does not have legacy FileVault enabled.
If you run into this problem, it’s worth trying this solution.
- Click on the Apple logo in the left-hand corner of the top menu bar.
- Click on System Preferences.
- Click on Security & Privacy
- Click on FileVault.
- From here, you’ll want to turn legacy FileVault on.
- Once it’s on, turn it back off.
From most user reports, this should fix any installation bugs.
How to Extract Legacy FileVault Files
Of course, if you did manage to install macOS High Sierra on a FileVault system, you probably want to know how to fix it.
Unfortunately, there does not seem to be any way to turn legacy FileVault off once macOS 10.13 is installed. You can’t log into the account to get to your encrypted data.
With that being said, there’s something you should note. If you currently use legacy FileVault, make absolutely sure that it’s disabled before proceeding to install macOS 10.13 High Sierra.
Again, if you’re in this situation, there are few options available. One of them, however, is to try and extract files from the encrypted sparse disk image.
For the Target Disk mode, you’ll need access to two Mac computers. In addition, you’ll need some way of connecting both computers (either Thunderbolt, USB-C or FireWire).
Target Disk Mode
- Make sure the Mac with the FileVault problem is turned on.
- On the other Mac, click the Apple logo menu
- Click System Preferences.
- Click Startup Disk.
- Click on Target Disk Mode.
- Click Restart when macOS asks you to confirm.
You can then try to mount the computer that contains the FileVault-encrypted user account.
In other words, you’ll use the affected Mac drive as an “external hard drive.” You should be able to access the files on the impacted user account after authenticating with the appropriate password.
Of course, this won’t fix the issue. But it could allow you to extract important files and data that you wouldn’t be able to access otherwise.
As stated above, you still won’t be able to actually log into the impacted user account. It’s basically as good as gone unless Apple devices to implement a fix for this issue down the road. Based on how isolated and sporadic this bug is, that seems improbable.
If there’s another user on the Mac, you can simply log into that one and create a new account for yourself. If there isn’t, you can try creating a new account via the Mac’s Recovery feature.
In either case, you can copy your saved files to that account and safely delete the old one.