FileVault 2 status incorrect

[mrcamuti]

Totally possible that I'm screwing something up, but "Encryption Status" on the Storage module is reporting "Encrypted" for disks that do not have encryption turned on.

Affected OS in my setup includes 10.9.5, 10.10.5, and 10.11.2.
I'm running MunkiReport Version 2.7.3.1648

[mrcamuti]

I used ARD to run Trouton's filevault_2_status_check.sh to verify, for this example.

[bochoven]

Could you please look at #375 as I think that is the same issue

[mrcamuti]

Absolutely could be the issue. I'm not familiar enough with the underlying
pieces to say, but my setup matches his description of the symptoms.

On Fri, Jan 15, 2016 at 1:57 PM, Arjen van Bochoven <
notifications@github.com> wrote:

Could you please look at #375
#375 as I think
that is the same issue

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

Could you please test if the latest commit fixes the issue?

[mrcamuti]

The Storage tab is still incorrectly reporting all drives as "Encrypted".

But... the Security report is correctly tagging computers as unencrypted.
Not sure if this is new behavior or not (I had not found the security
report before troubleshooting this issue).

On Fri, Jan 15, 2016 at 3:30 PM, Arjen van Bochoven <
notifications@github.com> wrote:

Could you please test if the latest commit fixes the issue?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[mrcamuti]

I just cross-referenced the unencrypted tag in the security report with
actual encryption state on the machines, and it's good, but not perfect.

So far: "Encyrpted" TAG in the security report correlates perfectly with
actual encryption status.
"Unencrypted" TAG is not perfectly correlated with unencrypted status
(10.10.5 rMBP with FV2 on, still reporting as "unencrypted")

On Fri, Jan 15, 2016 at 4:29 PM, steve camuti mrcamuti@gmail.com wrote:

The Storage tab is still incorrectly reporting all drives as "Encrypted".

But... the Security report is correctly tagging computers as unencrypted.
Not sure if this is new behavior or not (I had not found the security
report before troubleshooting this issue).

On Fri, Jan 15, 2016 at 3:30 PM, Arjen van Bochoven <
notifications@github.com> wrote:

Could you please test if the latest commit fixes the issue?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

Could you post the output of

/usr/local/munki/preflight.d/cache/disk.plist 

from the 10.10.5 rMBP with FV2 on, still reporting as "unencrypted"

[mrcamuti]

diskplist.zip

Sorry, holiday weekend here in the States. Here's the file you requested. It was captured a full day after the reported behavior, but hoping it's still got what you're looking for.

[bochoven]

This machine is not reporting on encryption status which may be a fault in the disk reporting script. Do you have a current version of the disk_reporting script installed? Could you check if /usr/local/munki/preflight.d/disk_info
is the same as
https://github.com/munkireport/munkireport-php/blob/master/app/modules/disk_report/scripts/disk_info

[mrcamuti]

I used diff to compare the two scripts and they're identical line by line.
I did just verify that the encryption status is still mis-reporting in the
Security report, as well as the Storage report. (Both say unencrypted, but
on the device, I verified it is encrypted note that I just thought of, we
do use an institutional key, not an individual key for encryption )

On Wed, Jan 20, 2016 at 8:49 AM, Arjen van Bochoven <
notifications@github.com> wrote:

This machine is not reporting on encryption status which may be a fault in
the disk reporting script. Do you have a current version of the
disk_reporting script installed? Could you check if
/usr/local/munki/preflight.d/disk_info
is the same as

https://github.com/munkireport/munkireport-php/blob/master/app/modules/disk_report/scripts/disk_info

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

Could you post the output of

diskutil info -plist /

[mrcamuti]

Bootable

BusProtocol

SATA

CanBeMadeBootable

CanBeMadeBootableRequiresDestroy

Content

Apple_HFS

DeviceBlockSize

512

DeviceIdentifier

disk1

DeviceNode

/dev/disk1

DeviceTreePath

IODeviceTree:/PCI0@0/SATA@1F,2/PRT0@0/PMP@0

Ejectable

FilesystemName

Journaled HFS+

FilesystemType

hfs

FilesystemUserVisibleName

Mac OS Extended (Journaled)

FreeSpace

34652688384

GlobalPermissionsEnabled

IOKitSize

249804886016

Internal

JournalOffset

365596672

JournalSize

25165824

LowLevelFormatSupported

MediaName

Macintosh HD

MediaType

Generic

MountPoint

/

OS9DriversInstalled

ParentWholeDisk

disk1

RAIDMaster

RAIDSlice

RecoveryDeviceIdentifier

disk0s3

SMARTStatus

Not Supported

SolidState

SupportsGlobalPermissionsDisable

SystemImage

TotalSize

249804886016

VolumeName

Macintosh HD

VolumeUUID

FD9F3E62-738F-3DF6-9E50-57F1C27C5434

WholeDisk

Writable

WritableMedia

WritableVolume

On Thu, Jan 21, 2016 at 2:08 PM, Arjen van Bochoven <
notifications@github.com> wrote:

Could you post the output of

diskutil info -plist /

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

This is not an encrypted disk. Why do you think it is encrypted? What does it say in the 'Security and Privacy' preference pane?

[mrcamuti]

FileVault is On. Institutional key, the usual.

On Friday, January 22, 2016, Arjen van Bochoven notifications@github.com
wrote:

This is not an encrypted disk. Why do you think it is encrypted? What does
it say in the 'Security and Privacy' preference pane?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[mrcamuti]

I can send a screenshot, if that would help.

On Friday, January 22, 2016, steve camuti mrcamuti@gmail.com wrote:

FileVault is On. Institutional key, the usual.

On Friday, January 22, 2016, Arjen van Bochoven <notifications@github.com
javascript:_e(%7B%7D,'cvml','notifications@github.com');> wrote:

This is not an encrypted disk. Why do you think it is encrypted? What
does it say in the 'Security and Privacy' preference pane?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

What does

fdesetup status 

report?

[mrcamuti]

FileVault is turned on.

On Fri, Jan 22, 2016 at 1:29 AM, Arjen van Bochoven <
notifications@github.com> wrote:

What does

fdesetup status

report?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

And

diskutil cs list

[mrcamuti]

Redacted LVVM info.

On Fri, Jan 22, 2016 at 11:08 AM, Arjen van Bochoven <
notifications@github.com> wrote:

And

diskutil cs list

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[mrcamuti]

And just to make super sure I'm not missing something obvious with the
/usr/local/munki/preflight.d/disk_info
comparison, I used diff -yI /github_version_local_copy
/emailed_version_from_client and got no output, which, as I understand it,
means they're identical. Please confirm I haven't gone nuts.

On Fri, Jan 22, 2016 at 11:40 AM, steve camuti mrcamuti@gmail.com wrote:

Redacted LVVM info.

On Fri, Jan 22, 2016 at 11:08 AM, Arjen van Bochoven <
notifications@github.com> wrote:

And

diskutil cs list

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

The corestorage output did not come through

[mrcamuti]

Just added it on GH to the comment that mentioned it.

[bochoven]

I would like some output from this machine to see what's going on with the disk_reporting script. Would you be able to provide the output of:

 /usr/sbin/diskutil list -plist
 /usr/sbin/diskutil info -plist disk1
 /usr/sbin/diskutil cs info -plist disk1

With unredacted ID strings (or globally replaced by another string)

[bochoven]

Any progress on this?

[mrcamuti]

I had zipped the files you asked for and then uploaded them through the
github web interface. I'm hoping you got them, yeah?

On Thursday, March 3, 2016, Arjen van Bochoven notifications@github.com
wrote:

Any progress on this?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

I don't have those files (maybe I lost them), could you send them again?

[mrcamuti]

I'm traveling right now, but once I'm home next week I will see if I have
them still.

And thanks for following up on this.

On Thursday, March 3, 2016, Arjen van Bochoven notifications@github.com
wrote:

I don't have those files (maybe I lost them), could you send them again?

—
Reply to this email directly or view it on GitHub
#378 (comment)
.

[bochoven]

Please open this issue again if this is still relevant.