💾 Archived View for jacksonchen666.com › posts › 2023-08-05 › 08-26-18 › index.gmi captured on 2024-03-21 at 15:17:48. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
2023-08-05 06:26:18Z
The scenario: You want to make sure you know the password/passphrase to your (time machine) drive. Except it is automatically mounted and unlocked. So how do you get the password prompt?
The answer: With great difficulty. Actually no, with the command line.
diskutil is a macOS command line program. It's for managing disks.
There's a list command, which can list drives:
> diskutil list [...] /dev/disk5 (external, physical): #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *2.0 TB disk5 1: EFI EFI 209.7 MB disk5s1 2: Apple_APFS Container disk6 2.0 TB disk5s2 (free space) 189.1 MB - /dev/disk6 (synthesized): #: TYPE NAME SIZE IDENTIFIER 0: APFS Container Scheme - +2.0 TB disk6 Physical Store disk5s2 1: APFS Volume Jackson 2.0 TB disk6s1 /dev/disk7 (external, physical): #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *4.0 TB disk7 1: EFI EFI 209.7 MB disk7s1 2: Apple_APFS Container disk8 4.0 TB disk7s2 /dev/disk8 (synthesized): #: TYPE NAME SIZE IDENTIFIER 0: APFS Container Scheme - +4.0 TB disk8 Physical Store disk7s2 1: APFS Volume BACKUP2 3.4 TB disk8s2 /dev/disk9 (external, physical): #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *4.0 TB disk9 1: EFI EFI 209.7 MB disk9s1 2: Apple_APFS Container disk10 4.0 TB disk9s2 /dev/disk10 (synthesized): #: TYPE NAME SIZE IDENTIFIER 0: APFS Container Scheme - +4.0 TB disk10 Physical Store disk9s2 1: APFS Volume BACKUP1 3.3 TB disk10s2
Oh yeah, and it includes the containers and the volumes.
diskutil also has an APFS subcommand:
> diskutil apfs Usage: diskutil [quiet] ap[fs] <verb> <options> where <verb> is as follows: list (Show status of all current APFS Containers) listUsers (List cryptographic users/keys of an APFS Volume) listSnapshots (List APFS Snapshots in a mounted APFS Volume) listVolumeGroups (List all current APFS Volume Group relationships) convert (Nondestructively convert from HFS to APFS) create (Create a new APFS Container with one APFS Volume) createContainer (Create a new empty APFS Container) deleteContainer (Delete an APFS Container and free or reformat disks) resizeContainer (Resize an APFS Container and its disk space usage) addVolume (Export a new APFS Volume from an APFS Container) deleteVolume (Remove an APFS Volume from its APFS Container) deleteVolumeGroup (Remove grouped APFS Volumes from its APFS Container) eraseVolume (Erase contents of, but keep, an APFS Volume) changeVolumeRole (Change the Role metadata flags of an APFS Volume) unlockVolume (Unlock an encrypted APFS Volume which is locked) lockVolume (Lock an encrypted APFS Volume (diskutil unmount)) changePassphrase (Change the passphrase of a cryptographic user) setPassphraseHint (Set or clear passphrase hint of a cryptographic user) encryptVolume (Enable FileVault security in background or instantly) decryptVolume (Disable FileVault security in background or instantly) deleteSnapshot (Remove an APFS Snapshot from an APFS Volume) defragment (Arm or check status or begin APFS defragmentation) updatePreboot (Update a macOS Volume's related APFS Preboot Volume) syncPatchUsers (Copy Volume Group crypto users System-to-Data role) diskutil apfs <verb> with no options will provide help on that verb
Notice there's a lockVolume and unlockVolume command. Those can be used to lock and unlock the APFS volumes.
So, first, locking the volume.
We need the disk identifier. List your disks with `diskutil list`:
> diskutil list [...] /dev/disk9 (external, physical): #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *4.0 TB disk9 1: EFI EFI 209.7 MB disk9s1 2: Apple_APFS Container disk10 4.0 TB disk9s2 /dev/disk10 (synthesized): #: TYPE NAME SIZE IDENTIFIER 0: APFS Container Scheme - +4.0 TB disk10 Physical Store disk9s2 1: APFS Volume BACKUP1 3.3 TB disk10s2
Find the volume name, then find the line with the "type" being "APFS Volume". In my case, my disk identifier is `disk10s2`.
Now you can lock the APFS volume (which will also unmount it):
> diskutil apfs lockVolume disk10s2 APFS Volume is now unmounted and locked
Then, unlock it by repeating the last command and replacing the lockVolume with unlockVolume:
> diskutil apfs unlockVolume disk10s2 Passphrase: Unlocking any cryptographic user on APFS Volume disk10s2 Unlocked and mounted APFS Volume
It'll ask you for your passphrase/password. Get it right, it unlock and mounts. Get it wrong, try again. Get it wrong forever, you data is probably gone for good already.