Posted on 07-23-2018 02:38 AM
Hey all,
I'm running a Jamf Pro PoC at my workplace.
Facts:
- All of our machines are using OS High Sierra
- All machines are using the APFS filesystem
- We're using 2 data partitions:
  - / volume partition for the OS and default applications
  - /Volumes/data_env partition for our local tests (the volume must be used with the case-sensitive option enabled)
I've enabled FileVault2 on the / partition using a Jamf configuration profile.
I've created a script-based policy to encrypt the secondary data partition as well (/Volumes/data_env).
The only command line I found to be valid for this task is: diskutil apfs encrypt /Volumes/data_env -user disk -passphrase [secret]
So the second partition is encrypted, but I cannot access it when using Target mode or such.
My questions are:
1. How do you enable FileVault2 on multiple volumes via Jamf? (policy? configuration profile? script?)
2. Is there a way to add individual (personal) key support to unlockVolume /Volumes/data_env in case of need?
I've found that I cannot use sudo fdesetup addenable -user [username] -personal -device /Volumes/data_env
as this is not a Boot volume.
Thanks in advance.