APFS encryption status check script

As part of working Apple File System, I’ve developed a script which is designed to check and report the status of encrypted Apple File System (APFS) drives. Currently, here’s what the script is detecting and reporting:

It first checks to see if a Mac is running 10.13.x or higher. If the Mac is question is running 10.13.x or higher, the script reports if it is using encryption on an APFS drive and gives the encryption or decryption status.

If encrypted, the following message is displayed:

FileVault is On.

 

If not encrypted, the following message is displayed:

FileVault is Off.

If encrypting, the following message is displayed:

Encryption in progress:

How much has been encrypted is also displayed.

 

If decrypting, the following message is displayed without quotes:

Decryption in progress:

How much has been decrypted is also displayed.

 

 

 

If run on a drive which is not using APFS, the following message is displayed:

Unable to display encryption status for filesystems other than APFS.

 

The script is available below and here on my GitHub repository:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/check_apfs_encryption

I’ve also built a Jamf Pro Extension Attribute:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Extension_Attributes/check_apfs_encryption

	#!/bin/bash
	osvers_major=$(sw_vers -productVersion | awk -F. '{print $1}')
	osvers_minor=$(sw_vers -productVersion | awk -F. '{print $2}')
	ERROR=0
	# Checks to see if the OS on the Mac is 10.x.x. If it is not, the
	# following message is displayed without quotes:
	#
	# "Unknown Version Of macOS"
	if [[ ${osvers_major} -ne 10 ]]; then
	echo "Unknown Version Of macOS"
	fi
	# Checks to see if the OS on the Mac is 10.13 or higher.
	# If it is not, the following message is displayed without quotes:
	#
	# "APFS Encryption Not Available For This Version Of macOS"
	if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 13 ]]; then
	echo "APFS Encryption Not Available For This Version Of macOS"
	fi
	if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -ge 13 ]]; then
	# If the OS on the Mac is 10.13 or higher, check to see if the
	# boot drive is formatted with APFS or HFS+
	boot_filesystem_check=$(/usr/sbin/diskutil info / | awk '/Type \(Bundle\)/ {print $3}')
	# If the drive is formatted with APFS, the fdesetup tool will
	# be available and is able to display the encryption status.
	if [[ "$boot_filesystem_check" = "apfs" ]]; then
	# If encrypted, the following message is
	# displayed without quotes:
	# "FileVault is On."
	#
	# If encrypting, the following message is
	# displayed without quotes:
	# "Encryption in progress:"
	# How much has been encrypted of of the total
	# amount of space is also displayed.
	#
	# If decrypting, the following message is
	# displayed without quotes:
	# "Decryption in progress:"
	# How much has been decrypted of of the total
	# amount of space is also displayed
	#
	# If not encrypted, the following message is
	# displayed without quotes:
	# "FileVault is Off."
	ENCRYPTSTATUS=$(fdesetup status | xargs)
	if [[ -z $(echo "$ENCRYPTSTATUS" | awk '/Encryption | Decryption/') ]]; then
	ENCRYPTSTATUS=$(fdesetup status | head -1)
	echo "$ENCRYPTSTATUS"
	else
	ENCRYPTSTATUS=$(fdesetup status | tail -1)
	echo "$ENCRYPTSTATUS"
	fi
	else
	echo "Unable to display encryption status for filesystems other than APFS."
	fi
	fi
	exit $ERROR

view raw

gistfile1.txt

hosted with ❤ by GitHub