IMPORTANT NOTE: Running this script with 'sudo' on a macOS Catalina system with NO SecureToken user yet, will result in granting the admin account used to authenticate with 'sudo' a SecureToken. So make sure you are aware of the current SecureToken situation before running the script with admin privileges. This to be able to compare the situation before and after running the full report.
Script to grab all FileVault information for troubleshooting
This can be executed locally with 'sudo' or via a Jamf Pro Policy.
The script will put a timestamped .txt file on the logged-in user's Desktop
Latest version: V2.2
################ FileVault Report ################
######################################################## WARNING: this file may contain CONFIDENTIAL INFORMATION! DELETE unwanted information before sharing! DELETE file from Mac when not needed anymore! ########################################################
Serial Number: XXX Computer Name: Frederick’s MacBook Pro macOS Version: 10.15.6 macOS Build: 19G2021
Is mobile account: NO
Is admin account: YES
frederick.abeloos ttg
frederick.abeloos ttg
(fdesetup status)
FileVault is On. FileVault master keychain appears to be installed.
(/usr/sbin/diskutil list | grep Recovery)
3: APFS Volume Recovery 528.9 MB disk1s3
(disktutil apfs listusers /)
Cryptographic users for disk1s5 (4 found) | +-- FB756838-XXXX-XXXX-XXXX-40FB5E7D5D3F | Type: Local Open Directory User | +-- EBC6C064-XXXX-XXXX-XXXX-00306543ECAC | Type: Personal Recovery User | +-- C22BDCD3-XXXX-XXXX-XXXX-65D3332605C3 | Type: Local Open Directory User | +-- 2457711A-XXXX-XXXX-XXXX-F48A571D5036 Type: MDM Bootstrap Token External Key
(sudo fdesetup list -extended)
ESCROW UUID TYPE USER FB756838-XXXX-XXXX-XXXX-40FB5E7D5D3F OS User frederick.abeloos EBC6C064-XXXX-XXXX-XXXX-00306543ECAC Personal Recovery Record C22BDCD3-XXXX-XXXX-XXXX-65D3332605C3 OS User ttg 2457711A-XXXX-XXXX-XXXX-F48A571D5036 Bootstrap Token
(sudo profiles status -type bootstraptoken)
profiles: Bootstrap Token supported on server: NO
(sudo fdesetup showdeferralinfo)
{ Defer = 1; OutputPath = "/var/db/ConfigurationProfiles/fdesetup.plist"; ProfileUUID = "418DEB1B-XXXX-XXXX-XXXX-60BC894B1558"; ShowRecoveryKey = 1; Usernames = ( ); }
(/var/db/ConfigurationProfiles/fdesetup.plist)
EnabledDate 2019-11-04 18:06:29 +0100 EnabledUser frederick.abeloos HardwareUUID F6329A14-XXXX-XXXX-XXXX-E831DB218AB5 RecoveryKey 3QKM-XXXX-XXXX-XXXX-XXXX-XXXX SerialNumber XXXXPRK found in OutPut Path: 3QKM-XXXX-XXXX-XXXX-XXXX-Q4AB
PRK Valid: true
############################################################ Report script provided by Travelling Tech Guy Blog: https://travellingtechguy.blog GitHub: https://github.com/TravellingTechGuy/reportFileVault ############################################################