Install Issues: MacOS High Sierra - Decrypting and recovering data from an APFS drive in Recovery Mode

So I thought I'd install the latest MacOS: High Sierra on my work machine, mainly so I could see those sweet new emojis :D. A handful of my coworkers had been installing it and they seemed to enjoy it. Well, my install didn't seem to work out so swimmingly.

In this post I'll show you what went wrong, and all of the things that I did to try and fix it.

TLDR: MAKE A BACKUP OF ALL YOUR DATA BEFORE INSTALLING THE LATEST OS!!!!

First, the install took around an hour, whereas my coworkers had said that it was roughly 15 minutes. I attribute it to my hard drive being more full than theirs. No big deal. But when it finished installing and I tried to log in, my machine went into a kernel panic loop. The machine would reboot, show the login page, I'd put in my password, and it would show the kernel panic message.

After reading some forums and posts online, I determined that my best option was to reboot in recovery and try to reinstall High Sierra. The install took another hour, and the problem persisted. Everything else I read online said that I'd have to wipe the drive and reinstall. That wouldn't be a problem, except that I have no backups of my work machine and have no idea what files I might have on the machine that would be unrecoverable. Okay, so I need to figure out a way to boot a Unix distro from USB and copy my files to my external hard drive. However, when installing High Sierra, it automatically encrypted my hard drive! I'd need to decrypt it first.

(Note: If you're following these steps to recover your own data, I think you can skip this very long decryption step. Go to the Copying data section below)

With a bit of research, I was finally able to figure out how to decrypt my APFS hard drive from the Mac recovery mode. Here are the steps:

  1. reboot in recovery mode. (Cmd+R on boot)

  2. open terminal from the utilities dropdown menu.

  3. Run these commands:

List your drives with:
diskutil apfs list

Find your locked APFS drive. For me this is disk1s1. You'll also need the drive's UUID later, so copy that long hyphenated string next to the drive id.

Next run the following command to unlock your drive:
diskutil apfs unlockVolume /dev/<drive id>

In order to decrypt your APFS drive you'll need your user's UUID.
To find your AppleID UUID, run:
diskutil apfs listcryptousers <HDD_UUID>
<HDD_UUID> being that UUID you copied from the drive list

Find the user listed with type: Local Open Directory user and copy that UUID.

Finally we can decrypt the drive. Run:
diskutil apfs decryptVolume /dev/<drive id> -user <USER_UUID>

This will ask for a password. Enter your password and the APFS drive should begin decrypting. This is an extremely long process. You can check its progress with diskutil apfs list again.

In order to keep your disk from sleeping and pausing the progress, you can use pmset to change power settings. I ran:
pmset -g disk to see current settings and
pmset -a disksleep 0 to set the disksleep time to never sleep

So after I FINALLY decrypted my drive, a process that took around 12 hours, I tried rebooting to see if maybe High Sierra would work with a non-encrypted drive. Nope.

Copying data from an APFS drive in recovery mode:

So back to trying to copy my data. I booted Ubuntu from a USB drive, but of course Ubuntu has no way to read Apple's new APFS file system! Freaking Wonderful!

What other options do I have? Well, I have access to the terminal. Maybe I can boot in recovery and move files to an external hard drive via the command line? Well, that would have worked, but my external is formatted as NTFS and the Mac only gets read-only access to it. Okay... I could format a USB drive and copy files over manually, but I have a lot of data to copy, and my biggest USB drive is 16GB.

Finally, the best solution I could think of was to use scp to copy my files over my network to my home server. The command I ran was:
scp -rpv /Users/marcmissey/Documents/* <user>@<host>:/path/to/raid/
-r for recursive, -p for preserving modified dates, and -v for verbose so I can watch the progress.

As I write this, it's still copying files, but I'm pretty certain that this will do everything I need. To top it all off, I don't think I even needed to decrypt in the first place. I could have used diskutility to unlock and mount the drive and then scp to copy my files.
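
One way to confirm that the scp copy is complete before the source drive gets wiped, as an added example that is not part of the original post: build a SHA-256 manifest on each side and compare them, which also catches the dotfiles that the Documents/* glob skips. It assumes shasum or sha256sum is available on both machines (a recovery shell may provide neither); the function names and paths are this example's own.

```shell
#!/bin/sh
# Added example: confirm a recovery copy is complete before wiping the source.

# Print the SHA-256 command available here (assumption: one of the two exists).
hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
    elif command -v shasum >/dev/null 2>&1; then echo "shasum -a 256"
    else return 1
    fi
}

# manifest DIR: one "<sha256>  ./relative/path" line per regular file under
# DIR, dotfiles included, sorted by path so manifests are also diff-able.
manifest() {
    h=$(hash_cmd) || { echo "no SHA-256 tool found" >&2; return 2; }
    # $h is left unquoted on purpose so "shasum -a 256" splits into words.
    ( cd "$1" && find . -type f -exec $h {} + | LC_ALL=C sort -k 2 )
}

# compare_manifests SOURCE_MANIFEST COPY_MANIFEST
# Prints "MISSING <path>" for files absent from the copy and "CHANGED <path>"
# for files whose hash differs; returns non-zero if anything was printed.
compare_manifests() {
    awk '
        { hash = $1; sub(/^[^ ]+ [ *]/, "") }      # $0 is now just the path
        FILENAME == ARGV[1] { copy[$0] = hash; next }
        !($0 in copy)       { print "MISSING " $0; bad = 1; next }
        copy[$0] != hash    { print "CHANGED " $0; bad = 1 }
        END                 { exit bad + 0 }
    ' "$2" "$1"
}

# Usage (paths are placeholders):
#   on the Mac:     manifest /Users/<you>/Documents   > source.manifest
#   on the server:  manifest /path/to/raid            > copy.manifest
#   then, with both manifest files on one machine:
#   compare_manifests source.manifest copy.manifest && echo "copy verified"
```

Extra files that exist only on the destination are ignored, so the destination directory may already hold other data.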

I really hope that this post helps at least one other person in the future. If it does, maybe shoot me an email? If not, maybe it will remind people to make sure to back up anything important before installing a new OS.