How to upgrade Mac OS X with installed Full Disk Encryption to macOS 10.12 Sierra
Note: In-place upgrade to macOS 10.12 Sierra is not possible with Apple macOS Sierra installation app when Endpoint Security FDE blade is installed.
This solution describes how to perform an OS X major version upgrade to macOS 10.12 Sierra when Endpoint Security Client with Full Disk Encryption (FDE) is installed. This process is called in-place upgrade.
How to create the in-place upgrade package
- Copy both the original macOS installation app and the Check Point Utility for in-place upgrade of macOS with installed Full Disk Encryption to Sierra 10.12 (FDE_OSX_Upgrade_Util.dmg) to some directory (e.g., /some_path_to_upgrade/, or /tmp).
- Run the following commands from a Terminal (substitute the relevant path to the packages):
- hdiutil attach -nobrowse /tmp/FDE_OSX_Upgrade_Util.dmg
- sudo /Volumes/FDE_OSX_Upgrade_Util/prepare_os_upgrade.sh /tmp/Install\ macOS\ Sierra.app /tmp/InstallESD-cp.dmg
NOTE: The Check Point in-place upgrade image InstallESD-cp.dmg can now be used to create an in-place upgrade installation package, .pkg, that can be installed on Mac computers that need to be upgraded.
- sudo /Volumes/FDE_OSX_Upgrade_Util/createOSXinstallPkg/createOSXinstallPkg --source /tmp/InstallESD-cp.dmg --output /tmp/macOSUpgrade.pkg
How to run in-place upgrade
Important Note: Before performing the in-place upgrade of OS X major version, make sure that:
- The Mac is upgraded to the latest available OS X minor version (10.10 Yosemite or 10.11 El Capitan)
- The latest available Endpoint Security version (at least E80.64 GA)
- Copy the created installation package macOSUpgrade.pkg to some directory (e.g.,/some_path_to_upgrade/, or /tmp).
NOTE! Since this is a macOS bundle (i.e directory), make sure to zip the pkg, if transferring using media that isn't formated with Apple HFS, such as FAT.
- Run the following command from a Terminal (substitute the relevant path to the package):
sudo installer -pkg /tmp/macOSUpgrade.pkg -target /
- Once installed without error, one is prompted to reboot. Perform reboot of the Mac.
- FDE preboot will require user authentication during subsequent reboots.
- Endpoint Security logs can be collected by running the following command in a terminal:
sudo $/Library/Application\ Support/Checkpoint/Endpoint\ Security/collect_logs.sh
- In case Endpoint Security is not installed, then /var/log/EndpointSecurity must be collected manually.
- If prepare_os_upgrade.sh ends with an "out of memory" problem, then it is likely due to the large memory cache in use. It may be necessary to reboot before trying again.
- If installation of the macOSUpgrade.pkg fails, check the /var/log/install.log for detailed information.
The following logs are relevant:
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.