Archive for October 25, 2014

New FileVault 2 enablement option in Yosemite’s Setup Assistant

October 25, 2014 1 comment

One new window that appears in Apple’s Setup Assistant application for Yosemite is one that encourages new users of Yosemite to enable FileVault 2 encryption.


However, this Setup Assistant window appears to be selective as it appears for some users but not others. After some digging with the strings command, it looks like the FileVault 2 option in Setup Assistant does not appear in the following conditions:

  1. The Mac is not a laptop.
  2. The OS is unable to check the processor for certain features.
  3. The processor does not support AES-NI.
  4. The OS is booting from an external drive.
  5. There’s more than one user account on the system.
  6. The boot drive does not have a CoreStorage logical volume set up on it.
  7. The boot drive is already encrypted.
  8. The Mac was configured by the Device Enrollment Program to not display this option.
  9. This window had already appeared for this drive and user account.
  10. The user’s home folder is located somewhere other than the boot drive.
  11. The user has not logged into iCloud on this machine.

These criteria can be examined using the following procedure:

  1. Install Xcode or the Xcode Command Line Tools.
  2. Once Xcode or the Xcode Command Line Tools are installed, open Terminal and run the following command:
strings /System/Library/CoreServices/Setup\ | grep "FDE upsell"

On a 10.10.0 system, that should produce the following output:

Skipping FDE upsell,  machine is not a portable
Skipping FDE upsell, unable to inspect cpu features
Skipping FDE upsell, unable to gather cpu features
Skipping FDE upsell, CPU doesn't have AES instruction set
Skipping FDE upsell, somehow running buddy on a disk image
Skipping FDE upsell, not an internal volume
Skipping FDE upsell, not a single user system
Skipping FDE upsell, root disk is not a CSLV
Skipping FDE upsell, root disk is already FDE
Skipping FDE upsell, system was opted out via Device Enrollment Program setting
Skipping FDE upsell, already occurred for this volume and user
Skipping FDE upsell, user home volume is separate from the system volume
Skipping FDE upsell, not logged into iCloud
%d bloggers like this: