FileVault encrypted machines need the drive erased to remove cached FV info

Eric Holtam

I worked on detecting if the drive is FileVaulted (either APFS or CoreStorage) and alerting the user in the Terminal output that the drive should be erased first. I don't know if automatically formatting a drive is a good idea as detecting the right drive may not be easy/obvious if multiple drives are connected at the time. What I have so far is: APFS lists if FileVault is enabled for each volume. The output will contain "Yes" if it is. If the count of # of Yes's is > 1 then it detects that FileVault is enabled.

CoreStorage has a value of "None" if the drive is not FileVault encrypted. If the output of that is NOT None then it is deemed that FileVault is detected.

If the drive is APFS and not FileVaulted, CS and not FileVaulted, or not APFS nor CS then Imagr is launched.

    APFS_FV=$(/usr/sbin/diskutil apfs list | /usr/bin/awk '/FileVault:/ {print $NF}' | /usr/bin/grep -c Yes)
    CS_FV=$(/usr/sbin/diskutil cs list | /usr/bin/awk -F: '/Encryption Type/ {print $NF}' | awk '{$1=$1};1')

    if [[ $APFS_FV > 0 ]]
    then
            echo "Disk is FileVaulted.  Erase the drive with Disk Utility and run again."
            #**************FILEVAULT ENABLED ON APFS*****************
    elif [[ ! -z $CS_FV ]] && [[ $CS_FV != None ]]
    then
            echo "Disk is FileVaulted.  Erase the drive with Disk Utility and run again."
            #**************FILEVAULT ENABLED ON CORE STORAGE*********
    else
        dir=$(echo $0 | /usr/bin/sed "s|/run$||")
        "${dir}/Deploy/Applications/Imagr.app/Contents/MacOS/Imagr"
    fi

2019-03-02T21:05:24+00:00

Comments (4)

Eric Holtam
This is complicated since the drive is not mounted when run from mds is run. The code to address detecting and possibly formatting the drive will need to happen by the run command or another script that is called by run.
- 2019-03-02T21:00:24+00:00
Eric Holtam
I worked on detecting if the drive is FileVaulted (either APFS or CoreStorage) and alerting the user in the Terminal output that the drive should be erased first. I don't know if automatically formatting a drive is a good idea as detecting the right drive may not be easy/obvious if multiple drives are connected at the time. What I have so far is: APFS lists if FileVault is enabled for each volume. The output will contain "Yes" if it is. If the count of # of Yes's is > 1 then it detects that FileVault is enabled.

CoreStorage has a value of "None" if the drive is not FileVault encrypted. If the output of that is NOT None then it is deemed that FileVault is detected.

If the drive is APFS and not FileVaulted, CS and not FileVaulted, or not APFS nor CS then Imagr is launched.
```
    APFS_FV=$(/usr/sbin/diskutil apfs list | /usr/bin/awk '/FileVault:/ {print $NF}' | /usr/bin/grep -c Yes)
    CS_FV=$(/usr/sbin/diskutil cs list | /usr/bin/awk -F: '/Encryption Type/ {print $NF}' | awk '{$1=$1};1')

    if [[ $APFS_FV > 0 ]]
    then
            echo "Disk is FileVaulted.  Erase the drive with Disk Utility and run again."
            #**************FILEVAULT ENABLED ON APFS*****************
    elif [[ ! -z $CS_FV ]] && [[ $CS_FV != None ]]
    then
            echo "Disk is FileVaulted.  Erase the drive with Disk Utility and run again."
            #**************FILEVAULT ENABLED ON CORE STORAGE*********
    else
        dir=$(echo $0 | /usr/bin/sed "s|/run$||")
        "${dir}/Deploy/Applications/Imagr.app/Contents/MacOS/Imagr"
    fi
```
- 2019-03-02T21:05:24+00:00
timothy perfitt
- changed status to resolved
fixed in 1.3.1
- 2019-03-12T02:24:33+00:00
Dave Lebbing
- changed status to closed
- 2019-12-04T22:53:06+00:00
Log in to comment