destroyfvkeyonstandby requires additional pmset settings in order to avoid system shutdown
kristovatlas opened this issue · 34 comments
I'm wondering if anyone has tried the combination of OSX Login via Yubikey (https://www.yubico.com/why-yubico/for-individuals/computer-login/mac-os-login/) with the pmset -a destroyfvkeyonstandby 1
system configuration enabled to destroy the file vault key.
I have both of these set on a machine, and when I put my computer to sleep, upon waking it later I often find that the system has turned itself entirely.
I suspect that this is because of a negative interaction between these two configurations -- that removing my YubiKey during the sleep process is depriving the system of something it wants in order to stay on while the FileVault key is no longer accessible.
Similar experiences or suggestions on how to troubleshoot this are welcome.
I'm not using Yubikey, but I have tried pmset -a destroyfvkeyonstandby 1
on a 2015 rMBP and it has the same behavior: the system is completely off in the morning when I've put it to sleep the night before. I'm unable to use this setting without risk of losing unsaved documents. I have assumed its a hardware issue, so am looking forward to taking in for diagnosis, once I'm in a country with an apple store. But I would like to hear if anyone has solved this issue on their own.
What is likely happening is, the Mac is waking for Power Nap, hitting the FileVault unlock screen, then powering off due to a temperature failsafe. At least that's my theory. Try leaving Power Nap off and don't connect the machine to AC power to test it.
you may find explanation and the fix there: https://derflounder.wordpress.com/2014/02/12/power-nap-power-management-settings-and-filevault-2/, not sure about Yubikey though.
I've always had Power Nap disabled, so that wasn't the cause. It does appear to be a bug (or incorrect documentation) regarding the standby
and standbydelay
options. I've followed some of the (counterintuitive) suggestions mentioned in the above link and found it to work for me. These expected-to-be-correct settings do not work:
standbydelay 3600
standby 1
So I've changed them to this, and it works:
standbydelay 0
standby 0
¯_(ツ)_/¯
@kristovatlas, what are your current (non-working) settings (via pmset -g custom
)?
Oh look, shrug is munged by github markdown. This:
¯_(ツ)_/¯
Should be:
¯\_(ツ)_/¯
🤔
sorry, but did you read the whole story from this link above? :)
the quote: "Once I’d disabled Power Nap, I thought the problem would be solved. Nothing else should wake it up, right? Then I put my laptop to sleep the next night and tried to wake it the following morning. The laptop was off again, so not fixed".
so, powernap is the part of the problem, but even with disabled powernap it is still there. and yes, to fix the problem you need to set these two variables to 0, as the link above says.
My settings before applying the proposed fix are:
$ pmset -g
System-wide power settings:
DestroyFVKeyOnStandby 1
Active Profiles:
Battery Power -1
AC Power -1*
Currently in use:
standbydelay 10800
standby 1
womp 0
halfdim 1
hibernatefile /var/vm/sleepimage
powernap 1
gpuswitch 2
networkoversleep 0
disksleep 10
sleep 1
autopoweroffdelay 14400
hibernatemode 25
autopoweroff 1
ttyskeepawake 1
displaysleep 10
acwake 0
lidwake 1
These commands were not sufficient to fix the problem:
sudo pmset -a standby 0
sudo pmset -a standbydelay 0
Resulting in these overall settings:
$ pmset -g
System-wide power settings:
DestroyFVKeyOnStandby 1
Active Profiles:
Battery Power -1
AC Power -1*
Currently in use:
standbydelay 0
standby 0
womp 0
halfdim 1
hibernatefile /var/vm/sleepimage
powernap 1
gpuswitch 2
networkoversleep 0
disksleep 10
sleep 1 (sleep prevented by AddressBookSourceSync)
autopoweroffdelay 14400
hibernatemode 25
autopoweroff 1
ttyskeepawake 1
displaysleep 10
acwake 0
lidwake 1
yes, since you need to switch off powernap too (in the case of quinncomendant it was already disabled).
I have the same problem (macbook pro randomly shutting itself off while in hibernation) and I have the powernap off. The instructions in here (https://derflounder.wordpress.com/2014/02/12/power-nap-power-management-settings-and-filevault-2/) did not help to prevent the problem.
Below the best performing settings I found so far - with them the issue seems to be inconsistent: my macbook works as expected for a couple of days, then I suddenly find it powered off. Anyhow most of the times it works as expected.
System-wide power settings:
DestroyFVKeyOnStandby 1
Active Profiles:
Battery Power -1
AC Power -1*
Currently in use:
standbydelay 0
standby 0
womp 0
halfdim 1
hibernatefile /var/vm/sleepimage
powernap 0
networkoversleep 0
disksleep 0
sleep 0 (sleep prevented by backupd, backupd, AddressBookSourceSync, UserEventAgent, UserEventAgent, UserEventAgent, UserEventAgent)
autopoweroffdelay 0
hibernatemode 25
autopoweroff 1
ttyskeepawake 1
displaysleep 10
acwake 0
lidwake 1
two differences with my setup: autopoweroffdelay is 14400 in my settings (it is measured in minutes, so it never happens anyway I guess) and autopoweroff is 0 in my settings (you have 1, but I guess that it is never triggered in your case, since you set autopoweroffdelay to 0).
Running this command resolved the issue:
$ sudo pmset -a powernap 0
This doesn't appear to have anything to do with Yubikey's OS X Login since other people not using Yubikey observed the same problem. (I'll be adjust the title of the issue accordingly.)
The final configuration of the machine is:
$ pmset -g
System-wide power settings:
DestroyFVKeyOnStandby 1
Active Profiles:
Battery Power -1
AC Power -1*
Currently in use:
standbydelay 0
standby 0
womp 0
halfdim 1
hibernatefile /var/vm/sleepimage
powernap 0
gpuswitch 2
networkoversleep 0
disksleep 10
sleep 1
autopoweroffdelay 14400
hibernatemode 25
autopoweroff 1
ttyskeepawake 1
displaysleep 10
acwake 0
lidwake 1
@kristovatlas I would wait a couple of days before considering it resolved - in my case the laptop works fine for 1, 2 or even 3 days and then I suddenly find it powered off when it's supposed to be hibernating.
@burguesia: ok, thanks for letting me know.
FYI: just found my laptop off after a few days of correct functioning. It seems that it goes off more often if I leave the ac power connected while it's hibernating. If it's on battery power it seems to always work fine.
I use these settings for at least two months without problems. however, I never put it to AC power while it is in hibernate mode.
@burguesia: my machine is powered off today :(
Some output for troubleshooting:
$ pmset -g
...
sleep 1 (sleep prevented by UserEventAgent, UserEventAgent, UserEventAgent, UserEventAgent, UserEventAgent, UserEventAgent, AddressBookSourceSync, apsd, apsd, softwareupdate_notify_agent)
...
and
$ pmset -g custom
Battery Power:
lidwake 1
autopoweroff 1
autopoweroffdelay 14400
standbydelay 0
standby 0
ttyskeepawake 1
hibernatemode 25
powernap 0
gpuswitch 2
hibernatefile /var/vm/sleepimage
displaysleep 2
sleep 1
acwake 0
halfdim 1
lessbright 1
disksleep 10
AC Power:
lidwake 1
autopoweroff 1
autopoweroffdelay 14400
standbydelay 0
standby 0
ttyskeepawake 1
hibernatemode 25
powernap 0
gpuswitch 2
hibernatefile /var/vm/sleepimage
womp 0
displaysleep 10
networkoversleep 0
sleep 1
acwake 0
halfdim 1
disksleep 10
I think the problem could be autopoweroff
, which is set to 1 for me and @burguesia. @anton48 noticed that he was not having problems and had this set to 0, but he incorrectly stated that the autopoweroffdelay
is measured in minutes when it's actually seconds (equivalent to 4 hours).
autopoweroff is enabled by default on supported platforms as an implementation of Lot 6 to the European Energy-related Products Directive. After sleeping for seconds, the system will write a hibernation image and go into a lower power chipset sleep. Wakeups from this state will take longer than wakeups from regular sleep.
I'm going to test it out and report back.
@kristovatlas yes, you are right, the unit for this setting is seconds now, but it was in minutes before, so I just remembered that and not rechecked, my bad. you may compare the sources for the man page of pmset here:
https://opensource.apple.com/source/PowerManagement/PowerManagement-571.1.3/pmset/pmset.1 (10.11, says "seconds")
https://opensource.apple.com/source/PowerManagement/PowerManagement-494.1.2/pmset/pmset.1 (10.10, says "minutes")
on the other hand, I just tested the configuration with autopoweroff set to 1 and my notebook was hibernated after 60 seconds regardless of the number set to autopoweroffdelay (I tried 10, 60, 120).
Since setting autopoweroff
to 0
, I haven't had any more problems. I'm going to make a PR now to include this update, and I think it would be safe to close this issue, @drduh.
How are these settings working for folks? Can this issue be resolved now?
@drduh with autopoweroff to 0 everything has been working fine for me for weeks. I'd say the issue is resolved.
Please reopen the ticket and write to Apple if the intended behavior is still not working.
Tried what's mentioned here, hasn't been working for a few days.
System-wide power settings:
DestroyFVKeyOnStandby 1
Active Profiles:
Battery Power -1
AC Power -1*
Currently in use:
standbydelay 0
standby 0
womp 0
halfdim 1
hibernatefile /var/vm/sleepimage
powernap 0
gpuswitch 2
networkoversleep 0
disksleep 10
sleep 0
autopoweroffdelay 0
hibernatemode 25
autopoweroff 0
ttyskeepawake 1
displaysleep 180 (display sleep prevented by com.apple.WebKit.WebContent)
acwake 0
lidwake 1
Am I just being stupid?
I just encountered an edge case when I replaced the 512GB stock SSD of my late 2013 13 inch Macbook Pro with a 1TB OWC Aura SSD.
"DestroyFVKeyOnStandby 1" + "hibernatemode 25" stopped working. Tweaking powernap, autopoweroffdelay and other options doesn't work. The system cannot come back from hibernation, the only possible solution is a hard reboot.
I think the problem is that macOS views the new SSD as an "external" disk. When the system comes back from hibernation it doesn't seem to be able to find the disk. Either the screen stays black or the "missing disk" shows up. In any case the only solution is to manually power off the laptop.
I am on Sierra 10.12.4 with late 2016 Macbook Pro without touchbar. It seems like my computer is still not sleeping and waking properly. Here are my settings:
System-wide power settings:
DestroyFVKeyOnStandby 1
Currently in use:
standbydelay 0
standby 0
halfdim 1
hibernatefile /var/vm/sleepimage
powernap 0
gpuswitch 2
disksleep 10
sleep 10
autopoweroffdelay 28800
hibernatemode 25
autopoweroff 0
ttyskeepawake 1
displaysleep 1
acwake 0
lidwake 1
Here is when things go wrong on my machine. I close the lid. After 1 minute, I open the lid, it prompts me for filevault key. IF I DO NOT ENTER IT AND CLOSE THE LID AGAIN, THE COMPUTER SHUTSDOWN WHEN I OPEN THE LID ONE MINUTE LATER.
In my pmset -g log
, I see the following:
Time stamp Domain Message Duration Delay
========== ====== ======= ======== =====
UUID: (null)
2017-04-17 13:51:09 -0400 Start powerd process is started
2017-04-17 13:51:09 -0400 Assertions Summary- [System: No Assertions] Using Batt(Charge: 73)
2017-04-17 13:51:09 -0400 HibernateStats hibmode=0 standbydelay=0 0
Sleep/Wakes since boot at 2017-04-17 13:51:09 -0400 :0 Dark Wake Count in this sleep cycle:1
Time stamp Domain Message Duration Delay
========== ====== ======= ======== =====
UUID: Unknown UUID
2017-04-17 13:51:09 -0400 Failure Sleep Failure [code:0xFFFFFFFF0400001F]:
I also see a sleep failure here.
I think apple's pmset
is pretty broken and poorly documented. I don't know I should even trust the computer to destroy the filevault key properly during sleep and we have little control over when the computer actually enters the standbymode and destroy the filevault key.
Aloha,
I have also the same issue with OWC Aura SSD.
Replaced my original internal SSD with a OWC Aura.
Now wake up from hibernation does not work anymore.
@skynw : I never managed to solve this issue. Only thing I could do was to go back to standard settings, which means not hibernating the laptop but just using the standard sleep.
@kun-zhou I am seeing the exact same issue, including the same sleep failure log and how my Mac fails to re-awake after opening up the lid a second time. I am on Sierra 10.12.5 with Mid-2013 MacBook Air.
PMSET behavior is very annoying. "UserAgent" preventing my Mac from sleeping. Even web apps running on Electron are having this behavior. Would not it be so simple to overwrite these things Apple?
pmset -g assertions
Assertion status system-wide:
BackgroundTask 1
ApplePushServiceTask 0
UserIsActive 1
PreventUserIdleDisplaySleep 0
PreventSystemSleep 0
ExternalMedia 0
PreventUserIdleSystemSleep 0
NetworkClientActive 0
Listed by owning process:
pid 387(UserEventAgent): [0x00009d95000b93d6] 00:29:58 BackgroundTask named: "com.apple.siri.xpc_activity.metrics-sender"
Created for PID: 2374.
pid 109(hidd): [0x00006a5800098e13] 04:08:41 UserIsActive named: "com.apple.iohideventsystem.queue.tickle.4294971603.17"
Timeout will fire in 594 secs Action=TimeoutActionRelease
Kernel Assertions: 0x4=USB
id=512 level=255 0x4=USB mod=31/12/69 21:00 description=com.apple.usb.externaldevice.13100000 owner=Microsoft® 2.4GHz Transceiver v7.0
id=513 level=255 0x4=USB mod=31/12/69 21:00 description=com.apple.usb.externaldevice.16300000 owner=Gaming Mouse G402
Idle sleep preventers: IODisplayWrangler
The other day after running sudo launchctl config user path "/usr/local/bin:$PATH"
my Mac was able to wake from hibernation successfully. This was written on the Homebrew FAQ for letting .apps find /usr/local/bin. I'm not sure why that would affect the booting from hibernation issue, but it was the only significant change I made before I noticed it successfully waking instead of restarting. It's an MBP Early 2015 model running 10.13.6
If you have an OWC Aura SSD, there's a firmware update available that causes the drive to be recognized as an internal hard drive, making it possible to wake from hibernation. You can find information here: https://eshop.macsales.com/Service/Knowledgebase/Article/10/730/Aura-SSDs-Firmware-Update
The instructions explicitly say to turn off standby
and standbydelay
. But those are the settings that allow the MBP to enter hibernate mode and drop the FV key. (The key is called DestroyFVKeyOnStandby, after all.) Do other people have their MBPs going into Hibernate mode with these settings? I have never gotten it to enter standby with these settings, and thus never drop the FV key.
Mojave, 10.14.3, MBP with touchbar.