FileVault 2 Eligibility on 10.13

DBrowning
Valued Contributor II

I noticed this morning that all my machines that are on 10.13 or higher are reporting FileVault 2 Eligibility as Not Eligible. Anyone else seeing this?

2 REPLIES

golbiga
Contributor III

For those Macs, does FV2 Eligibility show up as "No Recovery Partition"? If so, then this is related to an open PI (PI-004689). I had to adjust my Smart Group for 10.13 systems to:

[Screenshot of the Smart Group criteria; image not preserved]

For Recovery Identifier I'm using https://github.com/chilcote/unearth/blob/master/artifacts/recovery_device.py as an EA.

My guess is that recon is doing a diskutil list and 10.12 & 10.13 show up differently due to APFS.

10.12 = Apple_Boot Recovery HD
10.13 = APFS Volume Recovery

Allen

DBrowning
Valued Contributor II

I use an EA that tells me if a Recovery Partition is present:

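#!/bin/sh
# Extension attribute: report whether a recovery partition or volume exists.

# 10.12 layout: "Apple_Boot Recovery HD"
recoveryHDPresent=$(/usr/sbin/diskutil list | grep "Recovery HD")
# 10.13 layout: "APFS Volume Recovery"
recoveryVolumePresent=$(/usr/sbin/diskutil list | grep "APFS Volume Recovery")

# POSIX test syntax, since the script runs under /bin/sh
if [ -n "$recoveryHDPresent" ] || [ -n "$recoveryVolumePresent" ]; then
    echo "<result>Present</result>"
else
    echo "<result>Not Present</result>"
fi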

I've ended up modifying my "Not FV Eligible" group to ignore OS Version less than 10.13.
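
The 10.12 versus 10.13 `diskutil list` difference discussed in this thread, as an added example that is not part of either post: a function that matches the TYPE and NAME columns instead of grepping for a substring, so a user volume that only has "Recovery HD" in its name is not counted. The function name `recovery_device` and all three sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: the sample listings below are constructed, not captured output.

# Read `diskutil list` text on stdin; print "<layout> <identifier>" or "None".
# NF == 7 requires the NAME column to be exactly "Recovery HD" / "Recovery".
recovery_device() {
    awk '
        $2 == "Apple_Boot" && $3 == "Recovery" && $4 == "HD" && NF == 7 {
            print "HFS", $NF; found = 1; exit }
        $2 == "APFS" && $3 == "Volume" && $4 == "Recovery" && NF == 7 {
            print "APFS", $NF; found = 1; exit }
        END { if (!found) print "None" }
    '
}

sample_1012() { cat <<'EOF'
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage Macintosh HD            250.1 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
EOF
}

sample_1013() { cat <<'EOF'
/dev/disk1 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +250.8 GB   disk1
                                 Physical Store disk0s2
   1:                APFS Volume Macintosh HD            180.0 GB   disk1s1
   2:                APFS Volume Preboot                 21.0 MB    disk1s2
   3:                APFS Volume Recovery                509.8 MB   disk1s3
EOF
}

# External data disk whose volume name contains "Recovery HD" (grep would match).
sample_decoy() { cat <<'EOF'
/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk2
   1:                  Apple_HFS Old Recovery HD         499.8 GB   disk2s1
EOF
}

for s in sample_1012 sample_1013 sample_decoy; do
    printf '%s: %s\n' "$s" "$($s | recovery_device)"
done
```

On a Mac the live check would be `/usr/sbin/diskutil list | recovery_device`, with the output wrapped in `<result>` tags for use as an EA.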