Home > Apple File System, FileVault 2, Mac administration, macOS > APFS encryption status check script

APFS encryption status check script

As part of working Apple File System, I’ve developed a script which is designed to check and report the status of encrypted Apple File System (APFS) drives. Currently, here’s what the script is detecting and reporting:

It first checks to see if a Mac is running 10.13.x or higher. If the Mac is question is running 10.13.x or higher, the script reports if it is using encryption on an APFS drive and gives the encryption or decryption status.

If encrypted, the following message is displayed:

FileVault is On.

Screen Shot 2017 11 12 at 8 38 08 PM

 

If not encrypted, the following message is displayed:

FileVault is Off.

Screen Shot 2017 11 12 at 8 43 07 PM

If encrypting, the following message is displayed:

Encryption in progress:

How much has been encrypted is also displayed.

Screen Shot 2017 11 12 at 8 08 30 PM

 

If decrypting, the following message is displayed without quotes:

Decryption in progress:

How much has been decrypted is also displayed.

Screen Shot 2017 11 12 at 8 38 48 PM

 

 

 

If run on a drive which is not using APFS, the following message is displayed:

Unable to display encryption status for filesystems other than APFS.

Screen Shot 2017 11 12 at 8 44 11 PM

 

The script is available below and here on my GitHub repository:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/check_apfs_encryption

I’ve also built a Jamf Pro Extension Attribute:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Extension_Attributes/check_apfs_encryption


#!/bin/bash
osvers_major=$(sw_vers -productVersion | awk -F. '{print $1}')
osvers_minor=$(sw_vers -productVersion | awk -F. '{print $2}')
ERROR=0
# Checks to see if the OS on the Mac is 10.x.x. If it is not, the
# following message is displayed without quotes:
#
# "Unknown Version Of macOS"
if [[ ${osvers_major} -ne 10 ]]; then
echo "Unknown Version Of macOS"
fi
# Checks to see if the OS on the Mac is 10.13 or higher.
# If it is not, the following message is displayed without quotes:
#
# "APFS Encryption Not Available For This Version Of macOS"
if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 13 ]]; then
echo "APFS Encryption Not Available For This Version Of macOS"
fi
if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -ge 13 ]]; then
# If the OS on the Mac is 10.13 or higher, check to see if the
# boot drive is formatted with APFS or HFS+
boot_filesystem_check=$(/usr/sbin/diskutil info / | awk '/Type \(Bundle\)/ {print $3}')
# If the drive is formatted with APFS, the fdesetup tool will
# be available and is able to display the encryption status.
if [[ "$boot_filesystem_check" = "apfs" ]]; then
# If encrypted, the following message is
# displayed without quotes:
# "FileVault is On."
#
# If encrypting, the following message is
# displayed without quotes:
# "Encryption in progress:"
# How much has been encrypted of of the total
# amount of space is also displayed.
#
# If decrypting, the following message is
# displayed without quotes:
# "Decryption in progress:"
# How much has been decrypted of of the total
# amount of space is also displayed
#
# If not encrypted, the following message is
# displayed without quotes:
# "FileVault is Off."
ENCRYPTSTATUS=$(fdesetup status | xargs)
if [[ -z $(echo "$ENCRYPTSTATUS" | awk '/Encryption | Decryption/') ]]; then
ENCRYPTSTATUS=$(fdesetup status | head -1)
echo "$ENCRYPTSTATUS"
else
ENCRYPTSTATUS=$(fdesetup status | tail -1)
echo "$ENCRYPTSTATUS"
fi
else
echo "Unable to display encryption status for filesystems other than APFS."
fi
fi
exit $ERROR

view raw

gistfile1.txt

hosted with ❤ by GitHub

  1. November 13, 2017 at 7:45 pm

    Just curious, but what’s the benefit of this over your previous scripts/EAs? I’m still seeing it work as it previously has even with my machine updated to 10.13.1.

  2. January 29, 2018 at 8:53 pm
  3. Nite Boater
    July 3, 2019 at 1:35 pm

    I tried this on my 2018 MBP running 10.14.5 to get the % of encryption or decryption, unfortunately, all check_apfs_encryption.sh reports is just “FV is On” or “FV is off”. Has anyone on copy here got it to display the actual percentage when using a Mojave OS installation?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: