Archive
APFS encryption status check script
As part of working Apple File System, I’ve developed a script which is designed to check and report the status of encrypted Apple File System (APFS) drives. Currently, here’s what the script is detecting and reporting:
It first checks to see if a Mac is running 10.13.x or higher. If the Mac is question is running 10.13.x or higher, the script reports if it is using encryption on an APFS drive and gives the encryption or decryption status.
If encrypted, the following message is displayed:
FileVault is On.
If not encrypted, the following message is displayed:
FileVault is Off.
If encrypting, the following message is displayed:
Encryption in progress:
How much has been encrypted is also displayed.
If decrypting, the following message is displayed without quotes:
Decryption in progress:
How much has been decrypted is also displayed.
If run on a drive which is not using APFS, the following message is displayed:
Unable to display encryption status for filesystems other than APFS.
The script is available below and here on my GitHub repository:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/check_apfs_encryption
I’ve also built a Jamf Pro Extension Attribute:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| osvers_major=$(sw_vers -productVersion | awk -F. '{print $1}') | |
| osvers_minor=$(sw_vers -productVersion | awk -F. '{print $2}') | |
| ERROR=0 | |
| # Checks to see if the OS on the Mac is 10.x.x. If it is not, the | |
| # following message is displayed without quotes: | |
| # | |
| # "Unknown Version Of macOS" | |
| if [[ ${osvers_major} -ne 10 ]]; then | |
| echo "Unknown Version Of macOS" | |
| fi | |
| # Checks to see if the OS on the Mac is 10.13 or higher. | |
| # If it is not, the following message is displayed without quotes: | |
| # | |
| # "APFS Encryption Not Available For This Version Of macOS" | |
| if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 13 ]]; then | |
| echo "APFS Encryption Not Available For This Version Of macOS" | |
| fi | |
| if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -ge 13 ]]; then | |
| # If the OS on the Mac is 10.13 or higher, check to see if the | |
| # boot drive is formatted with APFS or HFS+ | |
| boot_filesystem_check=$(/usr/sbin/diskutil info / | awk '/Type \(Bundle\)/ {print $3}') | |
| # If the drive is formatted with APFS, the fdesetup tool will | |
| # be available and is able to display the encryption status. | |
| if [[ "$boot_filesystem_check" = "apfs" ]]; then | |
| # If encrypted, the following message is | |
| # displayed without quotes: | |
| # "FileVault is On." | |
| # | |
| # If encrypting, the following message is | |
| # displayed without quotes: | |
| # "Encryption in progress:" | |
| # How much has been encrypted of of the total | |
| # amount of space is also displayed. | |
| # | |
| # If decrypting, the following message is | |
| # displayed without quotes: | |
| # "Decryption in progress:" | |
| # How much has been decrypted of of the total | |
| # amount of space is also displayed | |
| # | |
| # If not encrypted, the following message is | |
| # displayed without quotes: | |
| # "FileVault is Off." | |
| ENCRYPTSTATUS=$(fdesetup status | xargs) | |
| if [[ -z $(echo "$ENCRYPTSTATUS" | awk '/Encryption | Decryption/') ]]; then | |
| ENCRYPTSTATUS=$(fdesetup status | head -1) | |
| echo "$ENCRYPTSTATUS" | |
| else | |
| ENCRYPTSTATUS=$(fdesetup status | tail -1) | |
| echo "$ENCRYPTSTATUS" | |
| fi | |
| else | |
| echo "Unable to display encryption status for filesystems other than APFS." | |
| fi | |
| fi | |
| exit $ERROR |
Der Flounder 
Recent Comments