Support Center > Search Results > SecureKnowledge Details
How to upgrade Mac OS X with installed Full Disk Encryption to macOS 10.12 Sierra Technical Level

Note: In-place upgrade to macOS 10.12 Sierra is not possible with Apple macOS Sierra installation app when Endpoint Security FDE blade is installed.


This solution describes how to perform an OS X major version upgrade to macOS 10.12 Sierra when Endpoint Security Client with Full Disk Encryption (FDE) is installed. This process is called in-place upgrade.



  • Download Check Point Utility for in-place upgrade of macOS 10.12 Sierra.
  • A Mac, freshly installed or upgraded, with the same 'Install macOS' as is going to be used when creating the in-place upgrade package.
  • Supported and verified macOS 10.12 installer apps are:

    • 10.12 (installer app version 12.0.49)
    • 10.12.1 (installer app version 12.0.57)
    • 10.12.2 (installer app version 12.2.03, 12.2.04)
    • 10.12.3 (installer app version 12.2.06)
    • 10.12.4 (installer app version 12.4.06)
    • 10.12.5 (installer app version 12.5.03)
    • 10.12.6 (installer app version 12.6.03)


How to create the in-place upgrade package

  1. Copy both the original macOS installation app and the Check Point Utility for in-place upgrade of macOS with installed Full Disk Encryption to Sierra 10.12 (FDE_OSX_Upgrade_Util.dmg) to some directory (e.g., /some_path_to_upgrade/, or /tmp).
  2. Run the following commands from a Terminal (substitute the relevant path to the packages):
    1. hdiutil attach -nobrowse /tmp/FDE_OSX_Upgrade_Util.dmg
    2. sudo /Volumes/FDE_OSX_Upgrade_Util/ /tmp/Install\ macOS\ /tmp/InstallESD-cp.dmg
      NOTE: The Check Point in-place upgrade image InstallESD-cp.dmg can now be used to create an in-place upgrade installation package, .pkg, that can be installed on Mac computers that need to be upgraded.
    3. sudo /Volumes/FDE_OSX_Upgrade_Util/createOSXinstallPkg/createOSXinstallPkg --source /tmp/InstallESD-cp.dmg --output /tmp/macOSUpgrade.pkg


How to run in-place upgrade

Important Note: Before performing the in-place upgrade of OS X major version, make sure that:

  • The Mac is upgraded to the latest available OS X minor version (10.10 Yosemite or 10.11 El Capitan)
  • The latest available Endpoint Security version (at least E80.64 GA)


  1. Copy the created installation package macOSUpgrade.pkg to some directory (e.g.,/some_path_to_upgrade/, or /tmp).
    NOTE! Since this is a macOS bundle (i.e directory), make sure to zip the pkg, if transferring using media that isn't formated with Apple HFS, such as FAT.
  2. Run the following command from a Terminal (substitute the relevant path to the package):
    sudo installer -pkg /tmp/macOSUpgrade.pkg -target /
  3. Once installed without error, one is prompted to reboot. Perform reboot of the Mac.
  4. FDE preboot will require user authentication during subsequent reboots.



  • Endpoint Security logs can be collected by running the following command in a terminal:
    sudo $/Library/Application\ Support/Checkpoint/Endpoint\ Security/
  • In case Endpoint Security is not installed, then /var/log/EndpointSecurity must be collected manually.
  • If ends with an "out of memory" problem, then it is likely due to the large memory cache in use. It may be necessary to reboot before trying again.
  • If installation of the macOSUpgrade.pkg fails, check the /var/log/install.log for detailed information.

The following logs are relevant:

  • /var/log/EndpointSecurity/FDE_in_place_upgrade_debug.*
  • /var/log/install.log


Related solutions

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document