Table of Contents
If you need to disable FileVault in VMware on a macOS virtual machine, using Recovery Mode is often the most reliable method for doing so. Running FileVault encryption inside a virtualized environment can sometimes cause performance overhead, complicate VM snapshots and cloning, or create access issues if credentials are misplaced. This guide provides a clear, step-by-step walkthrough to safely turn off FileVault encryption from within the macOS Recovery environment of your VMware virtual machine.
Prerequisites and Important Notes: Disable FileVault in VMware
- VMware Setup: Ensure your macOS VM is configured correctly in VMware Workstation, Fusion, or ESXi, with necessary VMware Tools installed.
- Back up the VM: Before modifying disk encryption, take a snapshot or ensure you have a backup of the virtual machine to prevent data loss.
- Admin Credentials: You must know the administrator username and password used to enable FileVault.
- Recovery Partition: The VM must have a functional macOS Recovery partition. This is typically included with standard macOS installations.
Step-by-Step Guide: Disable FileVault in VMware using macOS Recovery Mode
Step 1: Start the macOS VM in Recovery Mode
- Shut down the macOS virtual machine completely.
- Follow this tutorial.
Step 2: Access Terminal from Utilities
- From the top menu bar in Recovery Mode, select Utilities > Terminal to open a command-line interface.
Step 3: List APFS Volumes to Find the Encrypted Drive
- In the Terminal, type the following command and press Enter:
diskutil apfs list- This displays all APFS containers and volumes. Identify the volume with
FileVault: Yes(typically yourDatavolume, e.g.,Macintosh HD - Data). - Note the identifier (e.g.,
disk3s1) for the encrypted volume.
Step 4: Unlock the Encrypted Volume
- Enter the unlock command, replacing
identifierwith your volume’s identifier:
diskutil apfs unlockVolume /dev/identifier- When prompted, enter the administrator password and press the Enter key.
- A successful unlock will show:
"Unlocked and mounted APFS Volume."
Step 5: Retrieve the Cryptographic User UUID
- Run the following command (again using your volume identifier):
diskutil apfs listcryptousers /dev/identifier- Enter the password if prompted.
- From the output, locate the UUID next to
Local Open Directory Userand note it down.
Step 6: Begin the Decryption Process
- To disable FileVault, execute the decryption command:
diskutil apfs decryptVolume /dev/identifier -user uuid- Replace
identifierwith your volume identifier anduuidwith the UUID from the previous step.
Step 7: Monitor Decryption Progress
- You can periodically check the status with:
diskutil apfs list- Look for the
FileVaultstatus to change from ‘Yes’ to ‘No’. Decryption time in a VM can vary based on virtual disk size and host system performance.
Important Note for VMware: If you have multiple user UUIDs listed, try each one associated with Local Open Directory User until the command is accepted. Also, ensure your VM remains powered on and is not paused or suspended during decryption.
VMware-Specific Tips and Troubleshooting
- Performance: Decryption in a VM may be slower than on physical hardware. Be patient and avoid overloading the host machine.
- Snapshots: It’s highly recommended to take a VMware snapshot before starting this process for an easy rollback point.
- Keyboard Not Working: If the Command + R keys aren’t recognized, check VMware’s keyboard input settings or use the virtual machine’s power menu to send the keystroke.
- Command Fails: Verify you’re using the correct APFS volume identifier and that the volume is successfully unlocked before attempting decryption.
Conclusion: Disable FileVault in VMware
Learning how to disable FileVault in VMware is a valuable skill for managing macOS virtual machines, especially when preparing for cloning, improving performance, or resolving access issues.
By following the outlined steps within macOS Recovery Mode, you can securely turn off disk encryption. Always remember to utilize VMware’s snapshot feature before making such changes and ensure the VM remains stable throughout the process. Once decryption is complete, your macOS VM will operate without FileVault, simplifying management within your virtualized environment.
