FileVault2 system meet requirements?

krichterjr
Contributor

Does anyone already have a EA or script that tells you if a system meets all the requirements for FileVault 2? Something that checks OS version, confirms there is a Recover HD, checks for FileVault 1, etc...

No use reinventing the wheel if there is something else out there. If not, I'll start putting something together : )

3 REPLIES 3

krichterjr
Contributor

So I've pieced together a script to tell me if the computer meets the qualifications for FileVault 2 and thought I would share. I'm no pro so if you see something I missed please feel free to share.

# First let's check the OS version
OSversionfull=`sw_vers -productVersion`
OSversion=${OSversionfull:3:1}

if [[ $OSversion -lt 7 ]]; then
echo "<result>FileVault 2 Encryption Not Available For This Version Of Mac OS X</result>"
exit 0
else


# Now let's check to see if there is the required Recovery HD.
# This does not check to see if this is Recovery HD is good.
Recovery=`diskutil list | grep "Apple_Boot Recovery HD"`

if [[  -z $Recovery ]]; then
echo "<result>FileValut 2 Encryption Not Available Without Recovery HD</result>"
exit 0
else


# Last let's check to see if the User is was using FileVault 1.
User=`last | grep console | cut -f 1 -d ' ' | sort | uniq -c | sort -nr | head -1 | awk '{print $2}'`
FV1=`dscl . -read /Users/"$User" | grep sparsebundle | awk '{print $1}'`

if [ "$FV1" == "HomeDirectory:" ]; then
echo "<result>An Earlier Version of FileVault Exists</result>"
exit 0
else
echo "<result>Ready for FileVault 2</result>"
fi
fi
fi

mm2270
Legendary Contributor III

Looks good for the most part, though the command to pull the "User" seems a bit more complicated than it needs to be to me, and in some cases may give you bad results. You might be better off looping through all local account home directories above UID 500 and looking for the sparsebundle file in each one with the dscl command.

Also, for the future, you don't need to grep for "console" with the last command. You can specify the tty you want to filter for with -t:

last -t console

will display all console logins from last, ignoring any Terminal (ttys) logins.

krichterjr
Contributor

Thanks Mike for the suggestions.