EraseEncryptedDisk.sh

Thanks for posting!

This is something I need to play with to see if there is a on size fits all solution that we can embed into AutoCasperNBI.

@bentoms][/url Here is what I'm doing to give a nice little app for my techs to use.

do shell script "diskutil list | grep /dev"
set Drives to paragraphs of result
set FullList to do shell script "diskutil list | awk '{print $1 $3 $4}' | sed 's/#:NAMESIZE//g' | sed 's/[0-9]://g' | sed '/^$/d' | sed '/disk[0-9]/ i\\
'"
set selectedDrive to (choose from list Drives with prompt "" & FullList & "

Which drive would you like to format? By default, you should format disk0" without multiple selections allowed) as text
if selectedDrive is equal to "false" then
    display dialog "Exiting Program"
    error number -128
end if
set SkynetRemoval to display dialog "Are you sure you want to format: " & selectedDrive buttons {"Yes", "No"} default button 2
set SkynetRemoval to returned of question

Removal(selectedDrive, SkynetRemoval)

display dialog "Drive: " & selectedDrive & " has been formated"

on Removal(selectedDrive, SkynetRemoval)
    try
        if SkynetRemoval is equal to "Yes" then
            set Finished to do shell script "sudo diskutil partitionDisk " & selectedDrive & " 1 gpt jhfs+ "Macintosh HD" 100%"
        end if
        if SkynetRemoval is equal to "No" then
            display dialog "Almost destroyed the world....."
        end if
    on error
        do shell script "diskutil unmountDisk force " & selectedDrive
        do shell script "diskutil mountDisk " & selectedDrive
        Removal(selectedDrive, SkynetRemoval)

    end try
end Removal

I compiled the applescript into an app, and then it lives on the dock for our techs to use.

Does this work well on Fusion drives?

@elliotjordan not sure, we don't use fusion drives. But while talking to rich trouton, I remember him saying something like this would actually be harmful to fusion drives. But if you have any extras by all means try it out and let us know.

@GaToRAiD Are you the one that was speaking about this during @bentoms presentation ? The person Ben was saying was going to start a Blog ? :)

@rcorbin, it happened. :) http://gatora1d.wordpress.com

This is great with it being apple script, since I can package it for my netbook. I'm able to get it to start, but I'm getting a script error that the variable "question is not defined". Is there something I may be missing?

@silbermb I'm guessing this is the part that is throwing the error:

set SkynetRemoval to display dialog “Are you sure you want to format: ” & selectedDrive buttons {“Yes”, “No”} default button 2
set SkynetRemoval to returned of question

How are you compiling the code? Are you opening up applescript and then just copy pasting it? Make sure that you check the quotes to make sure they are not smart quotes. That is really the only thing I can think of that might be causing you to throw an error, or that something didn't get copied correctly.

@silbermb I found the issue, we were running an older version in our netboot environment and it allowed for that call in the code. I have updated and testing in our 10.10 netboot environment and it is now working. You can get the updated app from my git hub. https://github.com/GaToRAiD/DriveWipe

@Loree, so the fdisk command wipes the HD regardless of whether it's encrypted or not?

Correct. "fdisk -i" initializes and wipes out the partition table regardless of whether or not the disk is encrypted. Then the "diskutil eraseDisk" statement repartitions the disk with a GUID partition and a Mac OS Extended (Journaled) partition named Macintosh HD.

@Loree what changes did you do to rc.netboot I want to try this on mine.

We were previously replacing the rc.netboot file with one configured for RAMDisk like in this discussion. https://jamfnation.jamfsoftware.com/discussion.html?id=10757

The last 2 NetBoot images I created were done using AutoCasperNBI and all I had to do was check the box to modify the rc.netboot file. I created a package in Composer for the bash script and launcher. Essentially, it is the bash script listed above that sits in the /Library/Scripts/ folder and an AppleScript containing the line: do shell script "/Library/Scripts/eraseEncryptedDisk.sh" which is saved as an application in /private/var/root/Desktop/eraseEncryptedDisk.app. I was able to add this package to the AutoCasperNBI workflow.

My 1-2 day NetBoot creation is down to 1-2 hours. Someone should give Ben Toms a medal.

@Loree Thanks! will give this a shot.

@elliotjordan I finally got around to running this on a Mac Mini with a Fusion Drive. It breaks the Fusion Drive and just creates a partition on the SSD. If you open Disk Utility, it will prompt you to "Fix" the Fusion Drive. I'll play with this a little to see if I can make it Fusion Drive friendly.

external image link