csgather(1) [mojave man page]

csgather(1)						    BSD General Commands Manual 					       csgather(1)

NAME
csgather -- Gather CoreStorage metadata for diagnosis

SYNOPSIS
csgather -G dir device ...
csgather -r mountPoint [-o filename]

DESCRIPTION
csgather gathers CoreStorage metadata for diagnosis. It works in two modes.

In the first mode, where -G and a list of devices are provided, CoreStorage metadata on the listed devices will be collected. The collected information includes the size and UUID of the CoreStorage logical and physical volumes, the name of the logical volumes, the wrapped (encrypted) volume key (which can only be decrypted by a brute-force attack), user name and user login image file. No other user information (such as directory structure, file names, file content, etc.) is collected.

In the second mode, where -r is provided, the encryption context, which includes the wrapped volume key (which can only be decrypted by a brute-force attack), user name and user login image file, will be collected.

If the wrapped volume key is decrypted by a brute-force attack, the volume key used to encrypt data on CoreStorage Logical Volumes is in the clear. It is not mathematically possible to derive the user's passphrase from the volume key. The volume key is only useful when the attacker has access to the encrypted data in the CoreStorage Logical Volume, which are not collected by csgather.

The following options are available:

-G dir
        Gather all CoreStorage metadata and write into the specified directory. The given directory must not already exist.

-o filename
        Specify the output file generated by the -r option. If not given, use standard output.

-r mountPoint
        Find out the CoreStorage logical volume identified by the given mount point, and print its encryption context to the file given in the -o option.

SEE ALSO
csdiagnose(1)

HISTORY
The csgather utility first appeared along with CoreStorage in OS X 10.10.0.

OS X								   May 31, 2019 							      OS X
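
Because the collected material includes the wrapped volume key, the output of either mode is worth keeping owner-only. The wrappers below are an added example, not part of the man page or of Apple's tooling; the function names and the CSGATHER override variable are hypothetical, and only the -G and -r behaviour documented above is assumed.

```sh
#!/bin/sh
# Added example, not Apple's code. CSGATHER is a hypothetical override so the
# wrappers can be exercised against a stub; it defaults to the real utility.
CSGATHER="${CSGATHER:-csgather}"

# save_encryption_context MOUNTPOINT OUTFILE
# Runs csgather -r without -o, so the context arrives on standard output and
# this shell (not csgather) creates OUTFILE, owner-only and never overwriting.
save_encryption_context() {
    mp=$1; out=$2
    [ -d "$mp" ] || { echo "not a mount point: $mp" >&2; return 2; }
    [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 3; }
    if ( umask 077; set -C; "$CSGATHER" -r "$mp" > "$out" ); then
        return 0
    fi
    rm -f -- "$out"        # drop a partial file left by a failed run
    return 1
}

# gather_metadata DEVICE...
# -G requires a directory that does not exist yet, so make a private parent
# (mktemp -d creates it mode 0700) and pass a fresh child path inside it.
# Prints the resulting directory on standard output.
gather_metadata() {
    [ "$#" -gt 0 ] || { echo "usage: gather_metadata device ..." >&2; return 2; }
    parent=$(mktemp -d "${TMPDIR:-/tmp}/csgather.XXXXXX") || return 1
    if "$CSGATHER" -G "$parent/metadata" "$@" >&2; then
        printf '%s\n' "$parent/metadata"
    else
        rm -rf -- "$parent"
        return 1
    fi
}
```
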

CSUNIQUE(8)						    BSD System Manager's Manual 					       CSUNIQUE(8)

NAME
csunique -- modify the UUIDs of CoreStorage metadata objects

SYNOPSIS
csunique [-v | --verbose] [-n | --dry-run] [-I | --include include] [-X | --exclude exclude] device ...

DESCRIPTION
The csunique utility can rewrite CoreStorage logical volume group metadata, changing object UUIDs. All CoreStorage objects are uniquely identified by UUIDs. This can be useful when copying an initial "canned image" onto multiple machines to establish these as independent volumes.

The device parameter(s) should be path(s) to the "raw" (character special) disk device(s) such as /dev/rdisk1s1 that constitute the CoreStorage logical volume group. If you specify a "non-raw" (block special) path such as /dev/disk1s1, or just the disk name such as disk1s1, it will automatically be converted to the corresponding raw disk device (/dev/rdisk1s1).

The options are as follows:

-v      Output verbose progress information of each step and the UUID re-mappings.

-n      Operates in "dry run" mode; no changes are made to the on-disk data.

-I      Specifies an additional class of UUID objects that should be modified.

-X      Specifies a class of UUID objects that should not be modified.

By default all UUIDs will be changed. The classes of CoreStorage UUID objects that can be included or excluded from modification by csunique are indicated using the following characters:

f       logical volume family (LVF)
g       logical volume group (LVG)
l       logical volume (LV)
p       physical volume (PV)
w       MLV wipekey

csunique processes/transforms the CoreStorage metadata in a number of steps:

1.   Firstly, an initial fsck_cs is performed to ensure the source structure is consistent;
2.   If the LVG is currently live and mounted by the kext it is temporarily "frozen";
3.   If the disk partitions are of type Apple_CoreStorage then they are switched offline (which dissociates the kext from the old metadata);
4.   The CoreStorage metadata is locally parsed and loaded;
5.   All object UUIDs are located, and new UUIDs generated for classes as set by the -I and -X options;
6.   UUIDs are re-written to disk;
7.   A post-modification fsck_cs is performed to ensure the final structure is consistent;
8.   Finally, any disk partitions taken offline are restored to Apple_CoreStorage (which will reload the kext with the new UUID metadata).

DIAGNOSTICS
The csunique utility exits with 0 if the CoreStorage logical volume group was modified as directed, and with >0 if it was unable to do so. Any error message is written to stderr.

BUGS
csunique cannot modify the LVF UUID if there are any encrypted LVs inside it. Any mounted LVs must be manually unmounted before invocation.

HISTORY
The csunique utility first appeared in Mac OS X 10.8.1.

Darwin							       September 25, 2012							    Darwin