FileVault2 on 10.12.5 broken?

New Contributor II

We have a FileVault2 policy in Self Service, worked perfectly until 10.12.5...

After running the policy, the user has to logout and fill in their username, after clicking Ok we get this message.


Has anyone seen this before? Can someone test their FileVault2 and 10.12.5?


Valued Contributor

I saw this on a 10.12.4 machine a few weeks back. It was a new build so just trying a wipe/rebuild once more fixed it on the next go-around, but my suspicions are that the recovery partition was somehow faulty.

Valued Contributor

No issues here on a 10.12.5 laptop that I just encrypted yesterday.

Valued Contributor

I just saw this a few minutes ago. In my case the recovery partition wasn't created on a reimage, so I updated my Recovery Partition install created with Create Recovery Partition Install. Fresh copy of "install" and a fresh install of the create app. Install the new recovery partition, and no love. Looking at the partition map with diskutil list from the command line and it looks like the partition is corrupt. I've posted a bug report on the project's GitHub page, but maybe this is an OS issue?

Next step for me would be to wipe the remote machine and reimage, which is inconvenient to say the least.

Honored Contributor

I don't know if it's related but I'm seeing an issue with FileVault on 10.12.4. My imaging workflow involves throwing down an image I built with 10.12.1 and then after enrollment and joining the AD domain I install the 10.12.4 update (avoiding 10.12.5 as long as I can because of 802.1x). After fully updated to 10.12.4, I then run the filevault policy from Self Service to install the institution key and enable filevault. I reboot the Mac and login as the admin user and sit back and wait for it to complete the encryption. Previously under Mavericks, Yosemite, and El Capitan, the encryption time for a 500GB SSD using this same process took maybe 30 minutes but never longer than 1 hour - depending on the hardware. During the encrypting process, the Mac sits untouched on a workbench while plugged in for power and it set to not sleep. Since 10.12.4 I've noticed that encrypting 500GB SSDs takes many hours. I've launched Terminal and run fdesetup status periodically to monitor the progress and it is definitely slower now. I started an encryption this morning at 8:35 and it just now finished 3.5 hours later (noon)!

If this only happened on one Mac, I might be inclined to think there may be a problem with that particular SSD. However, I've seen this happen on every Mac I've imaged as new or re-imaged to 10.12.4.

Valued Contributor II

@AVmcclint : interesting. One of our local teams noticed a similar change from El Capitan to Sierra, that FVE now takes >2x as long after imaging.

Did Apple change something in Sierra with respect to encryption?