Can I mount an encrypted image BEFORE Finder loads?

I have most of my ~ folder on an encrypted sparse bundle disk image. I have it set to automount via Prefs>Users, but it loads AFTER Finder, so my Desktop is blank unless I force-relaunch Finder.

Is there any way (via command line, I'm guessing) to get the OS to mount this disk image FIRST upon logging in, before anything else gets launched, including the Finder?


Solution 1:

Mounting the sparsebundle can be accomplished via the command line using the 'hdiutil' command. You can also create a shell script that will perform this action. This script assumes that the image is located at /Users/somebody/Image.sparsebundle, and that the passphrase used to encrypt the image is "testpass":

#!/bin/bash
#
# This script mounts the disk image at /Users/somebody/Image.sparsebundle
#
# -stdinpass makes hdiutil read the passphrase from standard input
echo -n testpass | hdiutil mount -stdinpass /Users/somebody/Image.sparsebundle

After creating that script in a text editor, you can change the permissions of the file to allow it to be executed. Assuming that this script was created at /Users/somebody/MountSparsebundle, you can use Terminal to make it executable:

chmod 755 /Users/somebody/MountSparsebundle

Once you've made the file executable, you should be able to run the command using the Terminal. In Terminal, type the full path of the script to execute it:

/Users/somebody/MountSparsebundle

The script should run, and cause the sparsebundle to mount. Note that you will want to unmount that sparsebundle before running the script (to confirm that it is mounting when you use the script).

After verifying that the script is working, you can create a LaunchDaemon that will be responsible for mounting this sparsebundle on boot. The LaunchDaemon configuration file should be installed in /Library/LaunchDaemons, which will cause it to be loaded before the loginwindow. Here's an example of a launchd configuration file that runs a script located at /Users/somebody called "MountSparsebundle":

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
    <key>Label</key>
    <string>com.example.mountsparsebundle</string>
    <key>Program</key>
    <string>/Users/somebody/MountSparsebundle</string>
</dict>
</plist>

The last step that you'd need to take would be to configure the launchd system to load that launch daemon at boot. This can be accomplished using launchctl (assuming that the file in the previous step was saved to "/Library/LaunchDaemons/com.example.mountsparsebundle.plist"):

sudo launchctl load -w /Library/LaunchDaemons/com.example.mountsparsebundle.plist

Alternately, you can use a LoginHook, which will suspend launching of the Finder until the login script exits. Although Apple does not recommend LoginHooks, they can be used to accomplish what you're trying to do. You can set up the script mentioned above as a login hook using the defaults command:

sudo defaults write com.apple.loginwindow LoginHook /Users/somebody/MountSparsebundle

Note: LoginHooks are run as root, which is something of a security risk. However, this will also allow you to examine the current user that's logging in (as part of the script), and perform actions based on the user credentials. Here's a modified script that shows an example of how to parse the username that is logging in (which is passed to the script as argument $1):

#!/bin/bash
#
# This script mounts the disk image at /Users/somebody/Image.sparsebundle
#
if [ "$1" == "somebody" ]; then
    # -stdinpass makes hdiutil read the passphrase from standard input
    echo -n testpass | hdiutil mount -stdinpass /Users/somebody/Image.sparsebundle
fi
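
The LaunchDaemon and LoginHook above both execute /Users/somebody/MountSparsebundle as root, from a user-owned directory, with the passphrase embedded and mode 755. As an added example (not part of the original answer; the function names are hypothetical), this bash audit reports who besides root can read or replace such a script before it is handed to launchd or loginwindow:

```shell
#!/bin/bash
# Added example: audit a script that launchd or a LoginHook will run as root.
# Usage: ./audit.sh /Users/somebody/MountSparsebundle [expected-owner]
# Function names are hypothetical. POSIX mode bits only; ACLs are not inspected.

# True if PATH has any of the given permission bits set. One "-perm -BIT" test
# per bit is used because BSD and GNU find disagree on the "any of" syntax.
has_any_perm() {
    local path="$1" bit
    shift
    for bit in "$@"; do
        [ -n "$(find "$path" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# True if PATH is owned by USER (a name or a numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if missing.
audit_root_script() {
    local script="$1" owner="${2:-root}" findings=0 dir
    [ -f "$script" ] || { echo "missing: $script"; return 2; }

    owned_by "$script" "$owner" || { echo "script not owned by $owner"; findings=1; }
    has_any_perm "$script" 020 002 && { echo "script is group/world-writable"; findings=1; }
    # The script on this page embeds the image passphrase, so read access matters.
    has_any_perm "$script" 040 004 && { echo "script is group/world-readable"; findings=1; }

    # Anyone who can write to an ancestor directory can swap the script out.
    dir=$(cd "$(dirname "$script")" && pwd -P)
    while :; do
        owned_by "$dir" "$owner" || { echo "directory $dir not owned by $owner"; findings=1; }
        has_any_perm "$dir" 020 002 && { echo "directory $dir is group/world-writable"; findings=1; }
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$findings"
}

if [ "$#" -gt 0 ]; then
    audit_root_script "$@"
fi
```

A clean result requires the script and every directory above it to be owned by root and not writable by group or others, which a path under /Users/somebody will not satisfy.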