Tahoe and FileVault

I like Tahoe a lot. But a word of warning about a glitch that I ran into this evening.

I was trying to do some screen resolution adjustments on my Mac Mini, which I use as a ChannelsDVR server. I run it headless and connect to it using Jump Desktop (or, occasionally, the built-in Screen Sharing). I updated it to Tahoe last week.

Wanting to see if my changes would stick, I rebooted the machine — only to discover I could no longer connect to it.

To figure out what was going on, I had to unplug it and take to a different room so I could connect it directly to a monitor. When I booted up again, it demanded my password, which I thought odd. Because I only ever access the machine remotely — from several states away at some times of the year — I’d had auto login enabled.

When I went into settings to re-enable it, I couldn’t, because FileVault was enabled. I had to disable that before re-enabling auto login.

Here’s the thing: I never enabled FileVault on this particular machine, precisely so that I could safely reboot it remotely if needed.

FileVault is turned on by default when you upgrade to Tahoe if you sign in with an Apple account during the process. I discovered that with a quick search that led me to this conversation in the TidBits forum.

And sure enough, that bit of information was included in the Ars Technica review, which I hadn’t seen.

The problem is that at no point that I can recall during the upgrade process was I told that FileVault would be automatically enabled, so this caught me by surprise.

It’s an issue that’s easy enough to fix, once you know what’s going on, but I’d like to spare others the head-scratching and frustration I encountered this evening.

Maybe related to this nice new feature?

https://www.jeffgeerling.com/blog/2025/you-can-finally-manage-macs-filevault-remotely-tahoe

There should have been an info screen after the first launch of Tahoe. I noticed it, but I didn’t disable FileVault. So, I gave it a try and sure enough, the Mac was not reachable for Jump Desktop after the first reboot.

I disabled FileVault again and I intend it to leave it disabled for the time being.

@rob, thank you for pointing us to this article! Very good news! That for sure is a nice feature (long overdue). However, the problem remains that the Mac must first be reachable via SSH. If you are not inside of your home network when connecting to the Mac, you still cannot use Jump Desktop. First, a way to access the Mac via SSH must be established in order to enter the login credentials—and that way must be secure. For me, this would be a solution for emergencies (I have set up Wireguard). In everyday use, I do not want to give up the convenient proprietary method via Jump Desktop’s “fluid connection”.

Good point!

I think I can do that by remotely SSH-ing into my router via Tailscale and from there SSH into a Mac.

Exactly. That is how I would do it using Wireguard. I basically need a VPN into my home, login via SSH and then I could use Jump Desktop (or just use VNC at that point). It is doable, but still a hassle (multi-step process) compared to just use Jump Desktop from whatever device.

But the great thing is that it IS an option with Tahoe, even with FileVault enabled. And that is very nice!

Interesting — thanks for sharing!

At this point I don’t think I really need FileVault for this particular machine, but it’s good to know there’s a way to reboot remotely with it enabled if I ever decide I need it.

It’s entirely possible that I just missed the info screen.

This was my first reboot after installing Tahoe. My guess is that the upgrade process kept me logged in for the first launch, since my Channels server continued to work normally. After the reboot, my Channels clients couldn’t see it until I logged in.

At some point I suppose I should set up Tailscale or similar so the solution @rob pointed us to is available, but that’s a project for when I have a large chunk of time available. For now, FileVault stays off.