As of Mac OS X 10.10, Apple will automatically update the partition scheme of the drive to use CoreStorage on any computer with Intel's hardware-based cryptography technology. This will be the default for new systems, but can also be automatically modified during a Mac OS X update to Mac OS X 10.10. At this time, CoreStorage is not supported by Symantec Encryption Desktop for the Drive Encryption feature.
NOTE: CoreStorage technology is used by Apple to enable their Fusion Drive technology and FileVault 2 encryption technology. If either of these technologies are being used on the Macintosh system, these features will need to be disabled to encrypt the drive with Symantec Drive Encryption. This article describes how to revert a CoreStorage logical volume to a physical volume when neither Fusion Drive or FileVault 2 is being used.
CAUTION: As these steps go over modifying the drive partition layout, it is recommended to have a recent backup before performing these steps.
This process requires the use of the command line utility Terminal located in /Applications/Utilities/ and also requires a local administrator account to run. If you are logged in with a domain user, you can run the 'switch user' command to log in as a local admin:
Tip: To open Terminal, on the keyboard, press the command key + the spacebar key, this should open the spotlight field. Type "terminal", and hit enter, this should launch the Terminal application.
Once Terminal is launched, run the following command:
diskutil cs list
If CoreStorage is enabled, the following information will be seen with unique data for the Mac computer:
CoreStorage logical volume groups (1 found)
+-- Logical Volume Group C6F5CA12-5533-414C-A3BC-7F404E403559
Size: 578930491392 B (578.9 GB)
Free Space: 8192 B (8.2 KB)
+-< Physical Volume BC712192-47FE-439D-BE93-B996E2E7B73B
| Index: 0
| Disk: disk0s2
| Status: Online
| Size: 79682387968 B (79.7 GB)
+-> Logical Volume Family 8ABB8C2D-225B-4693-9EC6-9F6725A42D66
Encryption Status: Unlocked
Encryption Type: None
Conversion Status: NoConversion
Conversion Direction: -none-
Has Encrypted Extents: No
Fully Secure: No
Passphrase Required: No
+-> Logical Volume 5ACC8C0D-005C-4693-9EC6-9F6725A42D66
Size (Total): 573301309440 B (573.3 GB)
Conversion Progress: -none-
Revertible: Yes (no decryption required)
LV Name: Macintosh HD
Volume Name: Macintosh HD HD
Content Hint: Apple_HFS
As long as "Revertible" equals "Yes (no decryption required)" the volume can be reverted. Run the following command followed by the Logic Volume UUID (underlined in the example above) to execute the revert operation as is listed in the following example:
Once the conversion is complete, restart the computer.
NOTE: In some rare instances, the computer will restart to the built-in recovery partition if available, or present a system not found error. In most of these cases, simply resetting the startup disk will boot the computer appropriately. From the recovery parition choose the menu in the upper left: >Startup Disk and choose your internal drive. Alternately you may hold option after the statup chime and your disk will be listed.
Verify CoreStorage has been disabled by launching Terminal again and run the following command:
diskutil cs list
If CoreStorage was disabled, the following will be seen:
No CoreStorage logical volume groups found
Symantec Encryption Desktop 10.3.2 MP7 and above can then be installed on the system, and the drive can then be encrypted. For information on which versions of Symantec Encryption Desktop 10.3.2/10.4 can be installed on which versions of Mac OS X, see article TECH174563.
Note: CoreStorage or FileVault2 can also be disabled from Boot option by following below mentioned steps with a help of Mac Genius. Please do take a backup of your computer before performing any changes on your computer:
Using Disk Utility
1. Boot your Mac and hold down ⌘-R (Command –R) to boot from the Mac’s Recovery HD partition. 2. Open Disk Utility. 3. Select your locked hard drive. 4. Under the File menu, select Turn Off Encryption… 5. When prompted for a password, you can enter your password for the drive. Once provided, decryption of the encrypted volume should begin.
The drive should begin decrypting.
From command line
1. Boot your Mac and hold down ⌘-R (Command –R) to boot from the Mac’s Recovery HD partition. 2. Open Terminal. 3. Run the following command to get the UUID of the encrypted drive: diskutil corestorage list 4. Once you have the UUID, you can unlock the drive using the following command: diskutil corestorage revert UUID -stdinpassphrase 5. You’ll be prompted for the password/passphrase of an account that’s authorized to unlock the encryption. Once provided, decryption of the encrypted volume should begin.
The drive should begin decrypting.
Enrollment Issues with CoreStorage
When enrolling a Mac client to a Symantec Encryption Management Server with the auto-encrypt functionality enabled, and CoreStorage in use on the Mac, the following error will be displayed:
An Error Occured PGPError :-12000
This occurs as a result of CoreStorage being in use on the system.
If the system still cannot be encrypted, and the system is running Mac OS X 10.11, El Capitan, disabling SIP is also needed. See article TECH235027 for more information on this.
Follow this article to disable and re-enroll the Mac user. To re-enroll, follow the steps in article TECH178358.
Imported Document ID: HOWTO109622
Subscribing will provide email updates when this Article is updated. Login is required.