Problem booting from APFS encrypted drive

Discussion in 'Mac OS X Guest OS Discussion' started by Simon Wail, Feb 4, 2018.

  1. Simon Wail

    Simon Wail Bit Poster

    Messages:
    2
    I'm running a MacOS High Sierra guest OS on Parallels 13.2 (on High Sierra). When I initially installed the guest OS everything was running fine and the VM booted OK.

    My corporate security requires all drives to be encrypted and so I turned on FileVault on the guest OS. Once the encryption was completed the guest OS continued running fine, but as soon as I reboot, it fails.

    I get a login screen with a light grey background instead of the usual dark grey one, and upon entering my password the VM hangs. I see the following errors in the "parallels.log":

    02-03 12:12:11.096 F /vm:27476:58195/ Guest Mac OS Version on VM APP: 0xa0d03
    02-03 12:12:11.097 F /vm:27476:58195/ Trying to delete nonexisting variable
    02-03 12:12:11.097 Last message repeated 1 times.
    02-03 12:12:11.151 F /monitor/ OTG print: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleKeyStore/AppleKeyStore-56
    02-03 12:12:11.151 F /monitor/ OTG print: 5.40.1/libeks.c: get_platform_uuid: Failed to get system-id.
    02-03 12:12:11.151 F /monitor/ OTG print: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleKeyStore/AppleKeyStore-56
    02-03 12:12:11.151 F /monitor/ OTG print: 5.40.1/libeks.c: eks_get_file_vault_services: AKS EFI: Initializating Callback
    02-03 12:12:11.151 F /monitor/ OTG print: s. (local crypto; RestartData Protocol found [rc=0])
    02-03 12:12:11.152 F /monitor/ OTG print: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleKeyStore/AppleKeyStore-56
    02-03 12:12:11.152 F /monitor/ OTG print: 5.40.1/libeks.c: fv_get_stashed_kek: AKS EFI: Found Stashed KEK (len=0)
    02-03 12:12:11.152 F /monitor/ OTG print: apfs_keybag_unlock_record_tag:1620: failed to unwrap volume key, err = 3758097090 (tag = 2)
    02-03 12:12:11.152 F /monitor/ OTG print: apfs_keybag_unlock_record:1698: failed to unwrap volume key, err = 5
    02-03 12:12:11.152 F /monitor/ OTG print: apfs_efi_meta_crypto_state_unwrap:316: apfs_efi_meta_crypto_state_unwrap: apfs
    02-03 12:12:11.152 F /monitor/ OTG print: _keybag_unlock_record with stashed KEK failed
    02-03 12:12:11.152 F /monitor/ OTG print: apfs_mount:17475:
    02-03 12:12:11.152 F /monitor/ OTG print: failed to unwrap meta crypto state

    It seems the VM is unable to unlock the APFS drive and therefore can't boot the system.

    My questions are:
    1. Does Parallels 13.2 support encrypted APFS drives in the guest OS?
    2. If so, how do I get mine to work correctly?
    3. If not, does anyone know whether there are plans to support APFS encryption?

    Any help is appreciated.

    Simon.
     
  2. MattK4

    MattK4

    Messages:
    1
  3. Simon Wail

    Simon Wail Bit Poster

    Messages:
    2
    It wasn't a login problem.

    I solved the problem by formatting the guest OS drive as HFS and then installing High Sierra without having the drive converted to APFS. Then everything worked fine, even encrypting the drive.

    Obviously there is a problem in Parallels support for encrypted APFS drives. Maybe the development team will look into this.

    Simon.
     

Share This Page