Manually Migrate Tiger FileVault sparseimage to Leopard FileVault sparsebundle
Posted in Leopard, Mac OS X, Solution, System Administration on 11/01/2007 09:23 am by jmccune
So I’m finally running Mac OS X 10.5 Leopard on my portable. I’ve decided to migrate to the new sparsebundle style FileVault image, and here’s how I did it:
First, make sure you’ve created a FileVault master certificate by setting a master password in the Security preference pane.
Manually create the sparse bundle:
umask 077 export NAME="mccune" hdiutil create -size 300g \ -encryption -agentpass \ -certificate /Library/Keychains/FileVaultMaster.cer \ -uid 502 -gid 20 -mode 0700 \ -fs "HFS+J" \ -type SPARSEBUNDLE \ -layout SPUD \ -volname "$NAME" \ "$NAME".sparsebundle; chown -R "$NAME":staff "$NAME".sparsebundle
Make sure to set the password on the disk image the same as the password used with the user account, otherwise the system won’t be able to decrypt the image from the loginwindow.
Mount the sparsebundle:
hdiutil mount -owners on -mountrandom /tmp -stdinpass "$NAME".sparsebundle
Copy the contents of your home directory:
rsync -avxHE --progress /Users/mccune/ /tmp/dmg.TYSCwg/
After I did the initial pass with rsync, I logged out of my user account, and logged in using the administrator account in order to run the rsync process a second time, while my profile was in a steady state.
01/11/2008 at 1:21 pm
Please note, additional information on managed deployments of FileVault in an enterprise setting is available from Greg Neagle at: http://macenterprise.org/content/view/276/77/
In particular, Greg discusses how to manage the file vault certificate and private key in a manner that greatly simplifies data recovery when users forget their file vault passwords.
01/11/2008 at 4:37 pm
[...] I opted to create a sparsebundle HFS+ formatted disk image, exactly like I would do manually for Leopard File Vault [...]
02/13/2008 at 12:13 pm
What about just decrypting, or turning off FileVault completely, before I upgrade.
Then turning on FileVault again after I’m all upgraded. Wouldn’t that work?
Or, is that just super time consuming. I think I remember that the decrypt takes hours and hours. My file vault is sparse image is something like 30GB.
What do you think?
02/20/2008 at 1:40 pm
Michael Tyler; Yes, both decryption or turning off FileVault completely before upgrading and turning back on again afterwards should work just fine.
I published this information for those who may have a need to automate the process of upgrading from Tiger to Leopard. Consider a one for one deployment with a war-room where students walk in, plug into a gigabit network, netboot, and a script takes control and manually converts their file vault image as one step in the procedure.
02/29/2008 at 2:30 pm
Thanks for posting this Jeff, it worked brilliant on my Leopard .sparsebundle which decided not to “load” anymore during login. Tried all tools and hints but yours just did the job I wanted. Cheers!