#1 2018-12-12 20:46:00

jeremyd
Member
Registered: 2017-07-21

Restoring Images to T2 Chip Machine

I have a strange problem I'm trying to get around on the new T2 Chip Enabled machines. Let me give a background of the current setup.

This is testing on a 2018 MacBook Air (released Nov 2018).
I installed macOS 10.14.2 onto an external USB drive and then set it up with DeployStudio Runtime.
I changed the Security Settings on the MacBook to "no Security" and Allow booting to external Media.
I am then able to boot to my external disk with DeployStudio available on the new MacBook Air.

Out of the box, "diskutil apfs list" shows this output (not all information shown, just the relevant part):

Volume disk1s1
name: macintosh HD
Filevault: No (Encrypted at rest)

Volume disk1s2
name: Preboot
Filevault: No

Volume disk1s3
name: Recovery
Filevault: No

Notice that the main drive shows Encrypted at Rest but the Preboot and Recovery partitions do not show that.

If I use DeployStudio to lay down an image that I captured using the Capture task sequence in DeployStudio, the layout changes to this:

Volume disk1s1
name: macintosh HD
Filevault: No (Encrypted at rest)

Volume disk1s2
name: Preboot
Filevault: No (Encrypted at rest)

Volume disk1s3
name: Recovery
Filevault: No (Encrypted at rest)

In this state the machine will not boot; it shows the flashing folder with a ?
I already mounted the Preboot volume to make sure the UUID folder is correct inside of that. bless -info also shows the correct information. I think the root issue is the encrypted at rest component.

If I make an image file using AutoDMG and restore that using Disk Utility it gets back to a working state with the Preboot and the Recovery back to not encrypted again.

Is there a way to turn off Encryption at rest for those two volumes? If not, is there a way to delete and manually create those volumes without the encryption enabled?
I would be OK even with a way to restore just the Macintosh HD volume only, without touching the other two partitions.

I was able to copy the image down successfully using SuperDuper but I am looking for a way to do this via task sequence so it is one click and done.

Any insight into this? If more information is needed I'm happy to provide that.

#2 2018-12-13 14:28:39

jeremyd
Member
Registered: 2017-07-21

Re: Restoring Images to T2 Chip Machine

So more information as I was working on this.

If I use this command the image gets laid down ok and the Preboot and Recovery Partitions show not encrypted but they are both empty.

sudo asr restore -s /tmp/DSNetworkRepository/Masters/APFS/Mojave_10.14.2_18C54_v1.0.i386.apfs.dmg -t /dev/disk1s1 --erase --noprompt

I tried just extracting the preboot.zip file that is created as part of the image, but it doesn't appear to be a normal zip file. What format is that in? What command does DeployStudio use in the background to extract those files?

I am able to open it using the Archive Utility program manually but I can't use the unzip command to script it?

Ideally, if I can fix the problem in the original post this won't be needed, but I'm just looking at another possible way to do this if the first problem can't be resolved.

Thanks.

#3 2018-12-20 19:26:42

jeremyd
Member
Registered: 2017-07-21

Re: Restoring Images to T2 Chip Machine

I may have figured it out.. all of you "don't image anymore" people will probably disown me, but I'm posting the answer for anybody else that won't let imaging go just yet.

After restoring the image I had to manually delete the (encrypted at rest) Preboot and Recovery Partitions using:
diskutil apfs deleteVolume disk1s2 (deletes Preboot)
diskutil apfs deleteVolume disk1s3 (deletes Recovery)

Manually create those Volumes again using the "role" identifier:
diskutil apfs addVolume disk1 apfs Preboot -role B
diskutil apfs addVolume disk1 apfs Recovery -role R

Then I had to populate the preboot volume with the boot information.
# Get the UUID of disk1s1 to set up Preboot; store that value in a variable. The $4 indicates the 4th column (spaces separate the columns)
diskutil apfs list | grep "Volume disk1s1" | awk '{print $4}'

# Mount the Preboot volume
diskutil mount /dev/disk1s2

# Unzip the preboot files
tar -xvf /tmp/DSNetworkRepository/Masters/APFS/Mojave_10.14.2_18C54_v1.0.i386.preboot.zip -C /Volumes/Preboot

# Rename the folder under Preboot to the UUID of disk1s1 (using the variable from the grep command)
mv /Volumes/Preboot/%foldername that was extracted% /Volumes/Preboot/%Variable from Grep%

Also restore the Recovery Partition
# Mount the Recovery volume
diskutil mount /dev/disk1s3

# Unzip the recovery files
tar -xvf /tmp/DSNetworkRepository/Masters/APFS/Mojave_10.14.2_18C54_v1.0.i386.recovery.zip -C /Volumes/Recovery

# Rename the folder under Recovery to the UUID of disk1s1 (using the variable from the grep command)
mv /Volumes/Recovery/%foldername that was extracted% /Volumes/Recovery/%Variable from Grep%

# Make the drive bootable
sudo bless -mount "/Volumes/Macintosh HD" -setBoot
# Verify boot info (if desired)
sudo bless -info -verbose "/Volumes/Macintosh HD"

#4 2019-04-14 09:25:17

sebus
Member
Registered: 2011-07-19

Re: Restoring Images to T2 Chip Machine

Thank you, most useful!

#5 2019-07-16 20:42:21

jeremyd
Member
Registered: 2017-07-21

Re: Restoring Images to T2 Chip Machine

I've had a few people reach out asking for a full script for what I ended up doing. Here is a copy of what I used, feel free to amend to your own purposes.
------------------------------------------
#!/bin/sh

# Base name and repository path of the captured DeployStudio image
imagefile="Mojave_10.14.2_18C54_v1.0.i386"
imagepath="/tmp/DSNetworkRepository/Masters/APFS"
# UUID of the restored system volume (4th field of the "Volume disk1s1" line)
BootUUID="$(diskutil apfs list | grep "Volume disk1s1" | awk '{print $4}')"

echo "$imagepath"
echo "$imagefile"
echo "$BootUUID"

echo "Deleting Existing Preboot Volume"
diskutil apfs deleteVolume disk1s2
echo "Deleting Existing Recovery Volume"
diskutil apfs deleteVolume disk1s3

# Recreate both helper volumes with their roles (B = Preboot, R = Recovery)
echo "Creating New Preboot Volume"
diskutil apfs addVolume disk1 apfs Preboot -role B
echo "Creating New Recovery Volume"
diskutil apfs addVolume disk1 apfs Recovery -role R

echo "Mount the Preboot Volume"
diskutil mount /dev/disk1s2

echo "Unzip the Preboot File $imagepath/$imagefile.preboot.zip to the Preboot Volume"
tar -xvf "$imagepath/$imagefile.preboot.zip" -C /Volumes/Preboot
rm -R /Volumes/Preboot/.Trashes

# The extracted folder carries the UUID from capture time; rename it to the current one
echo "Rename the unzipped_pre_UUID folder to the current BootUUID of $BootUUID"
unzipped_pre_UUID="$(ls /Volumes/Preboot)"
mv "/Volumes/Preboot/$unzipped_pre_UUID" "/Volumes/Preboot/$BootUUID"

echo "Mount the Recovery Volume"
diskutil mount /dev/disk1s3

echo "Unzip the Recovery File $imagepath/$imagefile.recovery.zip to the Recovery Volume"
tar -xvf "$imagepath/$imagefile.recovery.zip" -C /Volumes/Recovery
rm -R /Volumes/Recovery/.Trashes

echo "Rename the unzipped_rec_UUID folder to the current BootUUID of $BootUUID"
unzipped_rec_UUID="$(ls /Volumes/Recovery)"
mv "/Volumes/Recovery/$unzipped_rec_UUID" "/Volumes/Recovery/$BootUUID"

echo "Making the Drive Bootable"
bless --device /dev/disk1s1 --setBoot

# Show the resulting boot configuration
bless -info "/Volumes/Macintosh HD"

exit 0

Offline
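
Added example (not part of the thread and not DeployStudio code): the script above takes disk1s1, disk1s2 and disk1s3 on trust, so this sketch parses "diskutil apfs list" text and resolves the system volume UUID, the Preboot and Recovery identifiers by role, and the helper volumes still marked "Encrypted at rest" before anything is deleted. The function names and the sample listing are constructed; the listing layout is assumed from the fields quoted in post #1.

```shell
#!/bin/sh
# Reads `diskutil apfs list` text on stdin; prints identifier|uuid|role|filevault
apfs_volumes() {
    awk '
        function flush() { if (id != "") print id "|" uuid "|" role "|" fv }
        {   # header line: "+-> Volume disk1s1 <UUID>"
            for (i = 1; i < NF; i++)
                if ($i == "Volume" && $(i + 1) ~ /^disk[0-9]+s[0-9]+$/) {
                    flush(); id = $(i + 1); uuid = $(i + 2); role = ""; fv = ""
                }
        }
        /\(Role\):/ {   # role = text inside the last parentheses
            role = $0; sub(/^.*\(Role\):[^(]*\(/, "", role); sub(/\).*$/, "", role)
        }
        /FileVault:/ { fv = $0; sub(/^.*FileVault:[ \t]*/, "", fv); sub(/[ \t]+$/, "", fv) }
        END { flush() }
    '
}
# UUID for a volume identifier, e.g. disk1s1 (listing on stdin)
volume_uuid() { apfs_volumes | awk -F'|' -v id="$1" '$1 == id { print $2 }'; }
# Identifier of the first volume carrying a role, e.g. Preboot
volume_by_role() { apfs_volumes | awk -F'|' -v r="$1" '$3 == r && !n++ { print $1 }'; }
# Preboot/Recovery volumes that report "Encrypted at rest"
encrypted_helpers() {
    apfs_volumes | awk -F'|' '($3 == "Preboot" || $3 == "Recovery") && $4 ~ /Encrypted at rest/ { print $1 }'
}
# Constructed sample of the post-restore state; UUIDs are placeholders
sample_listing() {
    cat <<'EOF'
+-- Container disk1 00000000-0000-0000-0000-000000000000
    +-> Volume disk1s1 11111111-1111-1111-1111-111111111111
    |   APFS Volume Disk (Role):   disk1s1 (No specific role)
    |   Name:                      Macintosh HD (Case-insensitive)
    |   FileVault:                 No (Encrypted at rest)
    +-> Volume disk1s2 22222222-2222-2222-2222-222222222222
    |   APFS Volume Disk (Role):   disk1s2 (Preboot)
    |   Name:                      Preboot (Case-insensitive)
    |   FileVault:                 No (Encrypted at rest)
    +-> Volume disk1s3 33333333-3333-3333-3333-333333333333
    |   APFS Volume Disk (Role):   disk1s3 (Recovery)
    |   Name:                      Recovery (Case-insensitive)
    |   FileVault:                 No (Encrypted at rest)
EOF
}
sample_listing | apfs_volumes   # print the parsed records
```

On a real machine, pipe "diskutil apfs list" into these functions in place of sample_listing and stop if the identifiers returned by role are not the ones about to be deleted.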
