Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

High Sierra Recovery Partition creator

Same procedure as every year.
I do search for a method to create a Recovery Partition on 10.13.

"Create Recovery Partition Installer" from https://github.com/MagerValp/Create-Recovery-Partition-Installer is not working on 10.13. as the installer process tells that no system found.

Anybody came up already with a way to create Recovery Partitions on 10.13.?

Like Comment
Order by:
SOLVED Posted: by bpavlov

I'm curious, what's the need for this tool? Are you deploying Macs in such a way that they don't have a Recovery Partition and need this tool to be run afterward?

Like
SOLVED Posted: by howie_isaacks

When you run a normal installation of macOS High Sierra, the recovery partition is created automatically. How are you installing High Sierra? I have used Carbon Copy Cloner to create recovery partitions on Macs that don't have them for some reason or other.

Like
SOLVED Posted: by Look

For 10.13 the recovery partition is going to be a fair bit more complex to create manually as it's contained within the APFS container along with some other bits and pieces.
None of the existing methods are likely to see it or create it, someone is going to have to invent something new for this.

Like
SOLVED Posted: by donmontalvo

On computers upgraded from Sierra to High Sierra, it doesn't appear that the Recovery HD partition is upgraded to High Sierra.

We opened a ticket with Apple to see if this is a bug in their installer.

Like
SOLVED Posted: by maik.sanftenberg

We do use Thin Imaging so we expect a running and working OS.
But in the past we have seen some machines missing the Recovery Partition for whatever reason. This machines also do miss FileVault encryption therefor.

@bpavlov We have used the tool until 10.12 to ensure that all machines have a Recovery Partition and can enable FileVault.

@Look I expected something like this but was hoping somebody already did it or had the same kind of need.

Like
SOLVED Posted: by jriv

@donmontalvo @maik.sanftenberg Have you found a solution for this? Thanks!

Like
SOLVED Posted: by chriscollins

If the need for this is for machines eBay are missing the recovery partition just reinstalling the OS with the app store installer will recreate it.

Like
SOLVED Posted: by jriv

Well, this is embarrassing. I've always held down Option on boot to enter the EFI password. Then I hold Cmd-R to go to the Recovery partition. Someone just pointed out that I just need to hold down Cmd-R on boot and it prompts for EFI password then goes straight to Recovery Partition. [https://support.apple.com/en-us/HT204904](link URL)

Like
SOLVED Posted: by dlondon

Hi,

Yes I'm struggling to find an answer to getting a recovery partition that I can install. In the past (pre High Sierra) I could use "Create Recovery Partition Installer" but no more

My use case situation is for when lab machines or even staff machine are wiped and rebuilt using our netboot system.

If anyone has ideas on how to get this automated it would be great to hear how

Like
SOLVED Posted: by haggan

You talking HFS or APFS?

I'm trying to move away form imaging the old way, but I still couldn't help myself from playing around with it. I was successful in imaging 10.13.2 both APFS and HFS booting via AutoCasperNBI.

In short, the first thing i did was to capture the data from Recovery HD, both on APFS and HFS. I then wrapped that into a pkg that will install this data in a folder in tmp.

Then i set up a workflow in JAMF admin that will first run a preinstall script that wipe the drive, and in the HFS case create a Recovery HD partition.

Then i do the regular stuff, push the image to the drive, after that it installs my package that place the Recovery HD data into tmp.

I finish it off by running a postinstall script that will copy the data from tmp to the correct location depending if you running HFS or APFS.

It work just fine. But I chime in with many others, we are moving away from imaging

Cheers

Matt

Like
SOLVED Posted: by FoxSports

hi haggan
how did you capture the recovery HD?
do you have the postinstall script? mind sharing that please?

Like
SOLVED Posted: by CSHGreenwich

We do no longer use imaging but have just found out that when you upgrade to High Sierra it does not create a recovery portion or at least not one that is recognized by Jamf. We are reviewing the requirements for Firevault 2 and most of our machines have reported to JAMF that they do not have a recovery patriots so they are all failing the eligibility requirements. Has anyone found an answer for the?

Like
SOLVED Posted: by haggan

@FoxSports

Yes, postinstall. Script are made for my environment without finesse, so it counts on HD name being Macintosh HD and one partition only. Adjust it to your needs as you see fit

I captured HFS Recovery OS and made package via Composer. APFS Recovery was made by mounting Recovery and just copy data. diskutil mount /dev/disk1s3

The tricky part with APFS, as you see in my script, is that the files reside in a folder named after UUID, so it's unique for each machine. My script solves that.

HFS+

Restore the Recovery HD image located in the tmp folder via ASR

/usr/sbin/asr restore -source /Volumes/Macintosh\ HD/private/tmp/Recovery\ HD.dmg -target /Volumes/Recovery\ HD/ -erase -noprompt -noverify

Unmount the "Recovery HD" partition

/usr/sbin/diskutil unmount /dev/disk0s3

Make the "Recovery HD" an Apple_Boot partition

/usr/sbin/asr adjust -target /dev/disk0s3 -settype Apple_Boot

exit 0

APFS:

fs_uuid="$(diskutil info /dev/disk1s1 | awk '/Volume UUID/ { print $3; }')"
jamf="/usr/local/bin/jamf"
diskutil="/usr/sbin/diskutil"

Mount APFS Volume Recovery

diskutil mount /dev/disk1s3

echo “Volume Recovery mounted”

Wipe APFS Volume Recovery

rm -rfv /Volumes/Recovery/*

echo “Recovery wiped”

Lock boot.efi

/usr/bin/chflags uchg /Volumes/Macintosh\ HD/private/tmp/recoveryos/boot.efi

echo “Permissions boot.efi corrected”

Copy Recovery OS to APFS Volume Recovery

cp -prv /Volumes/Macintosh\ HD/private/tmp/recoveryos /Volumes/Recovery/

echo “Recovery OS copied”

mv /Volumes/Recovery/recoveryos /Volumes/Recovery/"$fs_uuid"

echo “Recovery HD now restored”

Set permissions

chown -R root:wheel /Volumes/Recovery

echo “Permissions adjusted on APFS Volume Recovery”

Unmount APFS Volume Recovery

diskutil unmount /Volumes/Recovery

echo “Volume Recovery unmounted”

Delete temp files

rm -rfv /Volumes/Macintosh\ HD/private/tmp/recoveryos

echo “Temp files deleted”

echo “All done, enjoy booting into Recovery”

exit 0

Like
SOLVED Posted: by sdagley

@haggan That could be a useful script, but your post didn't include the script tag so the forum software garbles the display. Please edit your post to put the script begin/end tag, which is three consecutive backpacks (```), immediately before and after your script so it'll display properly.

Like
SOLVED Posted: by haggan

Thanks for the advice, trying again with your tip.

APFS:

#!/bin/sh
#
# Haggan Jan 2018
# This script will image Recovery OS on APFS volume (OS need to be captured and place into /tmp)
# Script only tested with one volume named Macintosh HD, adjust accordingly.

# Variables to determine paths and more. Do not edit.

fs_uuid="$(diskutil info /dev/disk1s1  | awk '/Volume UUID/ { print $3; }')"
jamf="/usr/local/bin/jamf"
diskutil="/usr/sbin/diskutil"

# Mount APFS Volume Recovery

diskutil mount /dev/disk1s3

echo “Volume Recovery mounted”

# Wipe APFS Volume Recovery

rm -rfv /Volumes/Recovery/*

echo “Recovery wiped”

# Lock boot.efi

/usr/bin/chflags uchg /Volumes/Macintosh\ HD/private/tmp/recoveryos/boot.efi

echo “Permissions boot.efi corrected”

# Copy Recovery OS to APFS Volume Recovery

cp -prv /Volumes/Macintosh\ HD/private/tmp/recoveryos /Volumes/Recovery/

echo “Recovery OS copied”

mv /Volumes/Recovery/recoveryos /Volumes/Recovery/"$fs_uuid"

echo “Recovery HD now restored”

# Set permissions

chown -R root:wheel /Volumes/Recovery

echo “Permissions adjusted on APFS Volume Recovery”

# Unmount APFS Volume Recovery

diskutil unmount /Volumes/Recovery

echo “Volume Recovery unmounted”

# Delete temp files

rm -rfv /Volumes/Macintosh\ HD/private/tmp/recoveryos

echo “Temp files deleted”

echo “All done, enjoy booting into Recovery”

exit 0
Like
SOLVED Posted: by haggan

Thanks @sdagley

HFS+

#!/bin/sh
#
# Haggan Jan 2018
# This script will image Recovery OS on HFS volume (OS need to be captured and place into /tmp)


# Restore the Recovery HD image located in the tmp folder via ASR

echo “Restoring the image”

/usr/sbin/asr restore -source /Volumes/Macintosh\ HD/private/tmp/Recovery\ HD.dmg -target /Volumes/Recovery\ HD/ -erase -noprompt -noverify

# Unmount the "Recovery HD" partition

/usr/sbin/diskutil unmount /dev/disk0s3

echo “Unmounting volume”

# Make the "Recovery HD" an Apple_Boot partition

/usr/sbin/asr adjust -target /dev/disk0s3 -settype Apple_Boot

echo “Recovery HD made Apple_Boot”

sleep 2

echo “All done”

exit 0
Like
SOLVED Posted: by sdagley

@haggan Thanks for the scripts

Like
SOLVED Posted: by rob_c28

@haggen

Thanks for the script. One problem i am finding. When i get to the erasing of the Recovery Volume, it states operation is not permitted when trying to rm the files on the Partition. Am I missing something? Do i have to have Root access to run the script?

This will be a huge help on the 70 or so machines that do not have a Recovery Partition in our environment.

Like
SOLVED Posted: by haggan

@rob_c28

Hmm. That sound odd. Could it be SIPS that have to be disabled?

You could try disabling it as test, you need to boot into Recovery (USB-stick in your case?), start terminal, execute command csrutil disable

Scripts run via JAMF is always run as root as far as I know.

Cheers

Like
SOLVED Posted: by jthurwood

Hello

Did anyone get to the bottom of the "operation is not permitted" issue?

Thanks

Like
SOLVED Posted: by haggan

I never had that problem.

I've seen "operation is not permitted" in scripts though, usually when scripts contain info that shouldn't be there.

Open the script in BBedit, copy and past into new BBedit document and save it. Run it manually, confirm that it's working, then upload it to JSS again.

Cheers

Like
SOLVED Posted: by jameson

I have some high sierra that have not any recovery partition - and jamf enrollment need that to enable filevault, and of course not interesting in wiping the machine
Can @haggan be used for this ?

Like
SOLVED Posted: by mhasman

I tested, was not able to get 10.13.6 Recovery Partition installation image... Integrity Protection is off (csrutil disable). Any suggestions, please? Or... Can anybody just share Recovery Partition installer, please?

Like
SOLVED Posted: by anverhousseini

The Create Recovery Partition Installer.app is working with macOS High Sierra. Clone the repository like this

cd "/private/tmp/" && git clone "https://github.com/MagerValp/Create-Recovery-Partition-Installer.git"

Move the app bundle to the applications folder.

mv "/private/tmp/Create-Recovery-Partition-Installer/Create Recovery Partition Installer.app/" "/Applications/"

Then put a copy of the CocoaDialog.app to

/Applications/Create Recovery Partition Installer.app/Contents/Resources/cocoaDialog.app
Like
SOLVED Posted: by mhasman

@anverhousseini Thank you Anver!

Like

Jamf wants to hear your feedback around Jamf Pro Navigation and Office365 settings configuration.