The FileVault security system, introduced many years ago to macOS, prevents someone from starting up or restarting your computer and gaining access to its startup volume, which is encrypted. (FileVault handled the encryption in its early days, but it’s now handled in hardware and always enabled with any Intel Mac with a T2 Security Ship and with all Apple silicon M-series Macs.)
This introduces a problem if you’re using remote screen access to use your Mac. If you need to make a change that requires rebooting your Mac, it will go right back to the FileVault login screen, which cannot be accessed through remote-control software. The password has to be entered at that screen to unlock the startup drive and to boot into macOS.
Restart manually and bypass FileVault
If you need to restart manually after making a change, you can use a Terminal command that will restart your computer into macOS a single time.
- Make any changes on your remotely controlled Mac before restarting. This can include installing software that ends with a Restart option. Don’t click that button.
- At the Terminal, enter
sudo fdesetup authrestart -delayminutes 0and press Return. Set0to the number of minutes you want the Mac to wait, or leave it at0to restart immediately. - After the Mac restarts, you should be able to resume your remote session and access the login window to enter the account password.
There are three important provisos:
- This only affects the restart created by the
fdesetupcommand. Subsequent restarts will go through the FileVault login. - Starting a Mac from having its power off or power cycling it–say, through a HomeKit or other remote-controlled outlet or UPS–still requires a FileVault login.
- It’s possible the
fdesetuprestart will go awry and fail to allow you back in.
Disable FileVault to ensure remote access
You could disable FileVault in System Settings > Privacy & Security > FileVault. Then, whenever your Mac reboots, it will always allow access from the main macOS login window. This works in case of a power outage, a crash and automatic restart, or a manual restart. (Make sure that System Settings > Energy’s “Start up automatically after a power failure” is enabled.)
However, it comes with the risk that your data could fall into the wrong hands. With FileVault disabled, someone with access to your computer can restart it into recoveryOS, typically used for Disk Utility or reinstalling macOS, and easily retrieve all your stored files.
Disabling FileVault is a common practice for Macs used as servers, which are typically stored in locked rooms, secured with biometric or other unique access codes, and monitored by security cameras.
For a home user, you should consider whether your Mac ever leaves the house, how susceptible you are to theft, and whether you’re concerned your data would wind up in the hands of someone else.
With Find My enabled, if the Mac is connected to the Internet, you can remotely lock and restart it to prevent access. However, thieves are unlikely to connect a Mac before trying to access data on it if they’re sophisticated enough to extract your information.
This Mac 911 article is in response to a question submitted by Macworld reader Cynthia.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered; we don’t reply to emails, and we cannot provide direct troubleshooting advice.
