Posted on 11-09-2011 02:24 PM
One of the items I was planning to mention during my FileVault 2 talk was that I've written an extension attribute to provide information about FileVault 2. To celebrate JAMF Nation's new site, here it is in advance!
It's also available from my GitHub repo at the following address. All updates to this extension attribute will be posted there:
#!/bin/sh

CORESTORAGESTATUS="/private/tmp/corestorage.txt"
ENCRYPTSTATUS="/private/tmp/encrypt_status.txt"
ENCRYPTDIRECTION="/private/tmp/encrypt_direction.txt"

OS=`/usr/bin/sw_vers | grep ProductVersion | cut -c 17-20`
CONTEXT=`diskutil cs list | grep -E "Encryption Context" | awk '{print $3}'`
ENCRYPTION=`diskutil cs list | grep -E "Encryption Type" | awk '{print $3}'`
CONVERTED=`diskutil cs list | grep "Size (Converted)" | awk '{print $5, $6}'`
SIZE=`diskutil cs list | grep "Size (Total)" | awk '{print $5, $6}'`

# Checks to see if the OS on the Mac is 10.7 or not.
# If it is not, the following message is displayed without quotes:
# "FileVault 2 Encryption Not Available For This Version Of Mac OS X"

if [ "$OS" != "10.7" ]; then
    echo "<result>FileVault 2 Encryption Not Available For This Version Of Mac OS X</result>"
fi

if [ "$OS" = "10.7" ]; then
    # Overwrite (>) rather than append (>>) so a stale file cannot skew the result
    diskutil cs list > "$CORESTORAGESTATUS"

    # If the Mac is running 10.7, but does not have
    # any CoreStorage volumes, the following message is
    # displayed without quotes:
    # "FileVault 2 Encryption Not Enabled"

    if grep -iE 'No CoreStorage' "$CORESTORAGESTATUS"; then
        echo "<result>FileVault 2 Encryption Not Enabled</result>"
    fi

    # If the Mac is running 10.7 and has CoreStorage volumes,
    # the script then checks to see if the machine is encrypted,
    # encrypting, or decrypting.
    #
    # If encrypted, the following message is
    # displayed without quotes:
    # "FileVault 2 Encryption Complete"
    #
    # If encrypting, the following message is
    # displayed without quotes:
    # "FileVault 2 Encryption Proceeding."
    # How much has been encrypted of the total
    # amount of space is also displayed. If the
    # amount of encryption is for some reason not
    # known, the following message is
    # displayed without quotes:
    # "FileVault 2 Encryption Status Unknown. Please check."
    #
    # If decrypting, the following message is
    # displayed without quotes:
    # "FileVault 2 Decryption Proceeding"
    # How much has been decrypted of the total
    # amount of space is also displayed
    #
    # If fully decrypted, the following message is
    # displayed without quotes:
    # "FileVault 2 Decryption Completed"
    #

    if grep -iE 'Logical Volume Family' "$CORESTORAGESTATUS"; then
        if [ "$CONTEXT" = "Present" ]; then
            if [ "$ENCRYPTION" = "AES-XTS" ]; then
                diskutil cs list | grep -E "Conversion Status" | awk '{print $3}' > "$ENCRYPTSTATUS"
                if grep -iE 'Complete' "$ENCRYPTSTATUS"; then
                    echo "<result>FileVault 2 Encryption Complete</result>"
                else
                    if grep -iE 'Converting' "$ENCRYPTSTATUS"; then
                        diskutil cs list | grep -E "Conversion Direction" | awk '{print $3}' > "$ENCRYPTDIRECTION"
                        if grep -iE 'Forward' "$ENCRYPTDIRECTION"; then
                            echo "<result>FileVault 2 Encryption Proceeding. $CONVERTED of $SIZE Remaining</result>"
                        else
                            echo "<result>FileVault 2 Encryption Status Unknown. Please check.</result>"
                        fi
                    fi
                fi
            else
                if [ "$ENCRYPTION" = "None" ]; then
                    diskutil cs list | grep -E "Conversion Direction" | awk '{print $3}' > "$ENCRYPTDIRECTION"
                    if grep -iE 'Backward' "$ENCRYPTDIRECTION"; then
                        echo "<result>FileVault 2 Decryption Proceeding. $CONVERTED of $SIZE Remaining</result>"
                    # -e keeps grep from parsing the leading hyphen of '-none-' as options
                    elif grep -iE -e '-none-' "$ENCRYPTDIRECTION"; then
                        echo "<result>FileVault 2 Decryption Completed</result>"
                    fi
                fi
            fi
        fi
    fi
fi

# Remove the temp files created during the script

if [ -f /private/tmp/corestorage.txt ]; then
    srm /private/tmp/corestorage.txt
fi

if [ -f /private/tmp/encrypt_status.txt ]; then
    srm /private/tmp/encrypt_status.txt
fi

if [ -f /private/tmp/encrypt_direction.txt ]; then
    srm /private/tmp/encrypt_direction.txt
fi
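The decision tree described in the script's comments, as an added example that is not part of the original post or the author's repo: it parses `diskutil cs list` text from stdin in one awk pass, so a root-run extension attribute writes nothing to predictable paths under /private/tmp. `fv2_status`, `sample_encrypting` and the sample layout are assumptions; the field labels are the ones the posted script greps for, and states the posted script leaves silent fall back to its "Status Unknown" message.

```shell
#!/bin/sh
# Added example, not the original author's code.
# Reads `diskutil cs list` text on stdin and prints one status string.
fv2_status() {
    awk '
        /No CoreStorage/        { none = 1 }
        /Logical Volume Family/ { lvf = 1 }
        /Encryption Context/    { ctx = $3 }
        /Encryption Type/       { etype = $3 }
        /Conversion Status/     { cstat = tolower($3) }
        /Conversion Direction/  { cdir = tolower($3) }
        /Size \(Converted\)/    { conv = $5 " " $6 }
        /Size \(Total\)/        { total = $5 " " $6 }
        END {
            # Assumption: anything not matched below reports "Status Unknown".
            msg = "FileVault 2 Encryption Status Unknown. Please check."
            if (none) {
                msg = "FileVault 2 Encryption Not Enabled"
            } else if (lvf && ctx == "Present" && etype == "AES-XTS") {
                if (cstat == "complete") {
                    msg = "FileVault 2 Encryption Complete"
                } else if (cstat == "converting" && cdir == "forward") {
                    msg = "FileVault 2 Encryption Proceeding. " conv " of " total " Remaining"
                }
            } else if (lvf && ctx == "Present" && etype == "None") {
                if (cdir == "backward") {
                    msg = "FileVault 2 Decryption Proceeding. " conv " of " total " Remaining"
                } else if (cdir == "-none-") {
                    msg = "FileVault 2 Decryption Completed"
                }
            }
            print msg
        }'
}

# Constructed sample: the layout is an assumption, the labels come from the script above.
sample_encrypting() {
    cat <<'EOF'
+-> Logical Volume Family 00000000-0000-0000-0000-000000000000
    Encryption Context:      Present
    Encryption Type:         AES-XTS
    Conversion Status:       Converting
    Conversion Direction:    forward
    +-> Logical Volume 11111111-1111-1111-1111-111111111111
        Size (Total):        499418034176 B (499.4 GB)
        Size (Converted):    120000000000 B (120.0 GB)
EOF
}

# On a Mac this would be: diskutil cs list | fv2_status
printf '<result>%s</result>\n' "$(sample_encrypting | fv2_status)"
```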
Posted on 11-09-2011 02:26 PM
Correct link:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/filevault_2_encryption_check/Casper%20Extension%20Attribute
Posted on 11-10-2011 09:05 AM
Kickass, thanks Rich!
Posted on 11-10-2011 11:42 AM
Hey Rich - this is awesome. Would you mind uploading it to the Mac OS X Third-Party Product section?
Posted on 11-10-2011 12:53 PM
Jake,
I'm having trouble uploading the script in the third party products section. What's the correct procedure to attach and upload a shell script?
Thanks,
Rich
Posted on 11-10-2011 04:17 PM
Fantastic presentation, Rich. I'm adding a link to your blog with the slides for future reference:
Thanks for your great contribution to #jnuc 2011!