Home > Bash scripting, FileVault 2, Mac administration, Mac OS X > FileVault 2 encryption status check script

FileVault 2 encryption status check script

As part of working on FileVault 2, I’ve been developing a script that can be run via various system management tools to report whether or not a particular Mac is encrypted with FileVault 2. Currently, here’s what the script is detecting and reporting:

Checks to see if the OS on the Mac is 10.7 or not.

If it is not, the following message is displayed without quotes: FileVault 2 Encryption Not Available For This Version Of Mac OS X

If the Mac is running 10.7, but not does not have any CoreStorage volumes, the following message is displayed without quotes: FileVault 2 Encryption Not Enabled

If the Mac is running 10.7 and has CoreStorage volumes, the script then checks to see if the machine is encrypted, encrypting, or decrypting.

If encrypted, the following message is displayed without quotes: FileVault 2 Encryption Complete

If encrypting, the following message is displayed without quotes: FileVault 2 Encryption Proceeding

How much has been encrypted of of the total amount of space is also displayed.

If the amount of encryption is for some reason not known, the following message is displayed without quotes: FileVault 2 Encryption Status Unknown. Please check.

If decrypting, the following message is displayed without quotes: FileVault 2 Decryption Proceeding

How much has been decrypted of of the total amount of space is also displayed

If fully decrypted, the following message is displayed without quotes: FileVault 2 Decryption Complete

The script is available here on my GitHub repository. I’ve also built a Casper-specific version for use as a Casper Extension Attribute.

  1. November 18, 2011 at 3:51 am

    This script is exactly what I was looking for!

    I found that it seems to not be happy if there’s more than one FileVault volume (like a Time Machine drive), and I’m working on a modification to grab only the first Logical Volume Group. Would you like me to send an update?

    If so, please indicate how best to send it.

    • November 18, 2011 at 4:03 am

      Mike,

      Glad to hear it’s being useful! Modifications can be posted to the comments, or you can email them to me directly: rtrouton at gmail

  2. Erik J
    May 20, 2012 at 1:17 am

    AH the script 404’ed, this is exactly what I have been looking for do you have an updated URL?

    • May 20, 2012 at 1:27 am

      Link’s now fixed, thanks for letting me know that it wasn’t working!

  3. Eric T
    May 15, 2013 at 9:22 pm

    Rich, I’m wondering why you chose to go this route instead of just using the output of `fdesetup status`? Thanks!

    • May 15, 2013 at 9:54 pm

      Eric,

      When I originally wrote this script in 2011, fdesetup was not yet an available option.

      • Eric T
        May 15, 2013 at 10:06 pm

        That makes sense!

  4. mwined
    July 29, 2014 at 5:11 pm

    Thanks Rich! :)
    For Yosemite (10.10):
    osvers=`echo $osversionlong | awk -F. ‘{print $2}’`

    or some such.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 154 other followers

%d bloggers like this: