Jamf Nation Community

Hey Nick,

I just saw your post today and would like you to try running a command in Terminal on that computer to see if the machine is accepting the FileVault 2 (fdesetup) commands. Could you please run the following command and let us know what is echoed back?

sudo fdesetup status

You should get this response to that command if it was successful:

FileVault is Off.
FileVault master keychain appears to be installed.
Deferred enablement appears to be active for user 'xyz'.

Thanks,
Kyle

I get the same response as what's logged from self-service:

No conversion in progress

No other output.

The -defer flag just doesn't seem to work on fusion volumes . . . I tried

sudo fdesetup enable -keychain -defer /path/to/file.plist

and got no errors, but no encryption kickoff, either.

I opened an applecare case on this- they confirmed that the -defer flag is not working with fusion and they've escalated the issue to the developers. I'll update the thread when I have more information.

@Nick, thanks for that info. Good to know. We don't have any models in yet with Fusion drives, but once we do, not being able to use the fdesetup -defer option is going to an issue for us, as encryption has now become a mandate so we push it to any new Macs being setup first time by a user.

On another non-related note, I noticed just today the new MacBook Pro 13" Retina model does not get the more human readable model name applied in Casper Suite, at least as of 8.6. Not sure about the latest and greatest version. It shows up as MacBookPro10,2 instead.
This seems to happen often when new models are released. That leads me to believe that the JSS stores a big list of model id strings that it translates into the more recognized model name. So, MacBookPro8,2 = "13-inch MacBook Pro (2011)" and MacBookPro10,2 = "13-inch MacBook Pro Retina (2012)" etc.

I can confirm that fdesetup -defer does not work, it looks like it's going to encrypt, but it just reboots and starts up again.

Does anyone know if this was fixed in 10.8.4? I'm doing some testing on a Mac Mini with a Fusion Drive and also on a VM with a pseudo-Fusion Drive (used `diskutil cs create` to combine two drives) both with the same 10.8.4 image on them. Here's what I'm seeing:

Executing Policy Enable FileVault2 (10.8)...

No conversion in progress
Displaying message to end user...

Note this configuration works fine with a single disk configuration.

I wouldn't hold your breath for a fix in 10.8.
I WOULD suggest you try it with 10.9, if you have access to that (particularly the latest version).

Anyone know or been able to test if this is fixed in 10.9?

@blimvisible

This is listed as a known issue in the Casper 9.2 release notes:

http://www.jamfsoftware.com/sites/default/files/Casper_Suite_9.2_Release_Notes.pdf

I don't have a Fusion drive to test with right now, but at least for Casper, it looks like it's not fixed.

Fixed in 10.9.

@JPDyson,

Thanks for testing this!