FileVault encryption status description

Please help me to understand the meaning of the FileVault encryption status values below.

 

Value Description

On - Fully Encrypted

Off - Fully Decrypted

On\nprogress - Encryption In Progress

Off\nappear - ?

On\nkeychai - ?

 

So basically I want to understand what Off\nappear and On\nkeychai mean.


Thank you.

Posted on Apr 12, 2021 7:24 AM


Apr 15, 2021 9:08 AM in response to nilesh1988

nilesh1988 wrote:

It's not a problem with the code or my MDM tool.

Obviously, it is.

Because even if I run the command directly in Terminal, "sudo fdesetup status", I get the results below on some of our Macs.
Off\nappear - ?
On\nkeychai - ?

So I am just trying to understand what the meaning of that result is.

There is no meaning. Your script is invalid. Full stop.


You cannot assume that any system tool is going to give valid and predictable results in 100% of cases, on 100% of computers. That has never happened. You cannot parse the output from such tools with something like "| awk {'print$3'} | rev | cut -c 2- | rev". It's simply wrong.


Even if the tool provided true, machine readable output like XML, that still does not abrogate your responsibility to handle error cases, or handle result codes, or standard output vs. standard error, or gracefully handle unexpected output.


You can easily run "strings" on fdesetup to see what those "appear" and "keychai" phrases probably mean. Of course, that doesn't mean that situation is actually true. This could simply be a bug in fdesetup that is only being triggered in rare cases. Or maybe you are doing something else funky. Or maybe there is some strange system interaction happening that is specific to these machines. You don't even need to run "sudo" at all to get the status. That alone introduces a whole different level of complexity.

Apr 12, 2021 10:45 AM in response to nilesh1988

nilesh1988 wrote:

We are getting that result in our MDM solution report, and those values are displayed in the FileVault encryption status column.

We are using the script below to get the FileVault status result.
#!/bin/sh
fv2=`sudo fdesetup status | awk {'print$3'} | rev | cut -c 2- | rev`
echo "$fv2"

And how much did you pay for that?


This tool, and any tool really, can spit out all kinds of different messages depending on all kinds of different scenarios. Scripting command-line tools isn't difficult. I do it all the time. But just piping the output through several other primitive tools and expecting to get anything other than garbage on the other side is just wishful thinking.


Use a real scripting language to read the output from the tool. Then look for the specific strings that you expect to see and you have logic to handle. Then add a case to handle other, unexpected output.
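
One way to follow the advice in the reply above, as an added example that is not part of the original thread and is not Apple's code: match the whole status line, report only follow-up lines the script recognises, and return UNKNOWN or ERROR for everything else. The follow-up line wording, the labels, the `/usr/bin/fdesetup` path and the names `classify` and `naive_field3` are assumptions made for illustration; `naive_field3` reproduces the thread's third-field pipeline to show how such lines would be cut down to fragments like "appear" and "keychai".

```python
import re
import subprocess

STATE_RE = re.compile(r"^FileVault is (On|Off)\.$")
# Follow-up lines this script knows how to report. The wording is an
# assumption (constructed samples); confirm it on your own macOS versions.
DETAILS = {
    "Encryption in progress": "ENCRYPTING",
    "Decryption in progress": "DECRYPTING",
    "Deferred enablement appears to be active": "DEFERRED_ENABLEMENT",
    "FileVault master keychain appears to be installed": "MASTER_KEYCHAIN",
}

def naive_field3(stdout):
    """What the thread's awk | rev | cut | rev pipeline computes per line."""
    out = []
    for line in stdout.splitlines():
        fields = line.split()
        # Third whitespace-separated field with its last character removed.
        out.append(fields[2][:-1] if len(fields) > 2 else "")
    return "\n".join(out)

def classify(stdout, returncode=0, stderr=""):
    """Return (state, details); anything unrecognised becomes UNKNOWN."""
    if returncode != 0:
        return "ERROR", [f"exit {returncode}: {stderr.strip()}"]
    lines = [ln.strip() for ln in stdout.splitlines() if ln.strip()]
    match = STATE_RE.match(lines[0]) if lines else None
    if match is None:
        return "UNKNOWN", lines
    details = []
    for line in lines[1:]:
        label = next((v for k, v in DETAILS.items() if line.startswith(k)), None)
        if label is None:  # unexpected line: report it whole, do not guess
            return "UNKNOWN", lines
        details.append(label)
    return match.group(1).upper(), details

def fdesetup_status():
    """Run the tool on macOS; per the thread, status does not need sudo."""
    try:
        proc = subprocess.run(["/usr/bin/fdesetup", "status"],
                              capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "ERROR", [str(exc)]
    return classify(proc.stdout, proc.returncode, proc.stderr)

if __name__ == "__main__":
    print(fdesetup_status())
```

An MDM report column fed from `classify` then shows either a known state with known labels or an explicit UNKNOWN/ERROR carrying the raw lines for follow-up.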
