How to create an emergency disk for an SD 6.1 FileVault client and use it to recover a client machine
This article describes how to create and apply recovery information for a Mac FileVault 2 device. This method can be used when a user forget their password and wants to unlock their device:
On SES, right-click Mac FileVault device and choose Create Emergency Disk.
The recovery information is contained in one file (which is the master keychain) and the name of the file is the LVUUID of this device.
A dialog appears which shows you the master password of this keychain. Please take note of it.
Copy this file to removable media.
Restart the Mac FileVault device and press and hold <command> + <R> when you hear the chime to access Recovery HD.
Insert the removable media.
Under Utilities, open up Terminal.
Enter the following commands in Terminal: security unlock-keychain <full path to keychain file> You will be prompted to enter the master password. diskutil cs unlockVolume <LVUUID> -recoveryKeychain <full path to keychain file>
This unlocks the keychain and unlocks the device (most importantly). In Disk Utility, you will see the device appear as mounted.
From this point, users can do one of two things: they can either backup their data or they can disable FileVault for this device.
To disable FileVault from Terminal, first type "MOUNT" in terminal to see what disk number your volume is in. Then enter the following command: diskutil cs revert disk(whichever number you found) -recoveryKeychain <full path to keychain file>
Once you reboot, Apple's preboot will no longer be there and the user can access the machine.