New FileVault 2 enablement option in Yosemite’s Setup Assistant
One new window that appears in Apple’s Setup Assistant application for Yosemite is one that encourages new users of Yosemite to enable FileVault 2 encryption.
However, this Setup Assistant window appears to be selective as it appears for some users but not others. After some digging with the strings command, it looks like the FileVault 2 option in Setup Assistant does not appear in the following conditions:
- The Mac is not a laptop.
- The OS is unable to check the processor for certain features.
- The processor does not support AES-NI.
- The OS is booting from an external drive.
- There’s more than one user account on the system.
- The boot drive does not have a CoreStorage logical volume set up on it.
- The boot drive is already encrypted.
- The Mac was configured by the Device Enrollment Program to not display this option.
- This window had already appeared for this drive and user account.
- The user’s home folder is located somewhere other than the boot drive.
- The user has not logged into iCloud on this machine.
These criteria can be examined using the following procedure:
- Install Xcode or the Xcode Command Line Tools.
- Once Xcode or the Xcode Command Line Tools are installed, open Terminal and run the following command:
strings /System/Library/CoreServices/Setup\ Assistant.app/Contents/SharedSupport/MiniLauncher | grep "FDE upsell"
On a 10.10.0 system, that should produce the following output:
Skipping FDE upsell, machine is not a portable Skipping FDE upsell, unable to inspect cpu features Skipping FDE upsell, unable to gather cpu features Skipping FDE upsell, CPU doesn't have AES instruction set Skipping FDE upsell, somehow running buddy on a disk image Skipping FDE upsell, not an internal volume Skipping FDE upsell, not a single user system Skipping FDE upsell, root disk is not a CSLV Skipping FDE upsell, root disk is already FDE Skipping FDE upsell, system was opted out via Device Enrollment Program setting Skipping FDE upsell, already occurred for this volume and user Skipping FDE upsell, user home volume is separate from the system volume Skipping FDE upsell, not logged into iCloud