
Interactive FileVault 2 initialization script

I’ve written an interactive script that uses the Cauliflower Vest csfde tool as a standalone utility to enable FileVault 2 encryption on your boot volume. The script will ask some questions, then use that information to initialize the encryption and enable the user account specified.

The script is available here on my GitHub repo.

csfde

The script is expecting the csfde tool to be installed in /usr/local/bin. Install the csfde tool there before running the script.

If the script detects that csfde is not present in /usr/local/bin, it will stop and not run.

Recovery Key

If you are using a managed recovery key (i.e. a properly configured FileVaultMaster.keychain in /Library/Keychains) – the script will report that fact and not output a machine-generated recovery key.

If you are not using a managed recovery key – the script will output a machine-generated recovery key that is individual to this specific Mac and display it to the user.

If you are using an improperly configured managed recovery key – the script will output a machine-generated recovery key that is individual to this specific Mac and display it to the user.

VERY IMPORTANT: The machine-generated individual recovery key is not saved anywhere outside the machine. Make a record of it or you will have no recovery key to help unlock your Mac’s encryption if there’s a problem.

The script will request a restart and then report [Process Completed] once it has completed initializing the FileVault 2 encryption process and reported on the recovery key. Once you’ve made a record of the recovery key (if needed), it is safe at that point to close the Terminal window and reboot your Mac.

  1. Todd
    July 17, 2012 at 3:14 pm

    Thank you for sharing your script. I appreciate you saving me some development time! I don’t see a way to have a second account enabled to unlock the disk (pre boot). I realize this may be a csfde question but thought you might know…

  2. July 17, 2012 at 8:02 pm

    Todd,

    csfde does one job – it turns on FileVault 2 encryption and enables a single account as part of that process. Unfortunately, it’s not able to enable two or more accounts.
