Home > FileVault 2, Mac administration, Mac OS X > New FileVault 2 enablement option in Yosemite’s Setup Assistant

New FileVault 2 enablement option in Yosemite’s Setup Assistant

One new window that appears in Apple’s Setup Assistant application for Yosemite is one that encourages new users of Yosemite to enable FileVault 2 encryption.

yosemite_filevault_setup_assistant

However, this Setup Assistant window appears to be selective as it appears for some users but not others. After some digging with the strings command, it looks like the FileVault 2 option in Setup Assistant does not appear in the following conditions:

  1. The Mac is not a laptop.
  2. The OS is unable to check the processor for certain features.
  3. The processor does not support AES-NI.
  4. The OS is booting from an external drive.
  5. There’s more than one user account on the system.
  6. The boot drive does not have a CoreStorage logical volume set up on it.
  7. The boot drive is already encrypted.
  8. The Mac was configured by the Device Enrollment Program to not display this option.
  9. This window had already appeared for this drive and user account.
  10. The user’s home folder is located somewhere other than the boot drive.
  11. The user has not logged into iCloud on this machine.

These criteria can be examined using the following procedure:

  1. Install Xcode or the Xcode Command Line Tools.
  2. Once Xcode or the Xcode Command Line Tools are installed, open Terminal and run the following command:
strings /System/Library/CoreServices/Setup\ Assistant.app/Contents/SharedSupport/MiniLauncher | grep "FDE upsell"

On a 10.10.0 system, that should produce the following output:

Skipping FDE upsell,  machine is not a portable
Skipping FDE upsell, unable to inspect cpu features
Skipping FDE upsell, unable to gather cpu features
Skipping FDE upsell, CPU doesn't have AES instruction set
Skipping FDE upsell, somehow running buddy on a disk image
Skipping FDE upsell, not an internal volume
Skipping FDE upsell, not a single user system
Skipping FDE upsell, root disk is not a CSLV
Skipping FDE upsell, root disk is already FDE
Skipping FDE upsell, system was opted out via Device Enrollment Program setting
Skipping FDE upsell, already occurred for this volume and user
Skipping FDE upsell, user home volume is separate from the system volume
Skipping FDE upsell, not logged into iCloud
  1. March 28, 2016 at 1:41 pm

    Hello!

    I’m trying to force that the FileVault window appears in the Setup Assistant in my Mac mini, during El Capitan installation.

    I’m assuming I need to modify one file (one plist maybe?), but don’t know which one!! Next, I would create a custom InstallESD.dmg with this file modified, using the guide in: https://github.com/drduh/OS-X-Security-and-Privacy-Guide#preparing-os-x

    Please, can you help me? THANKS!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: