How to Determine if a Mac Is Using FileVault from the Command Line
FileVault is a security feature that offers full disk encryption for Macs. Identifying Macs that are using FileVault is fairly easy in person for machines that have a logged in user account, all you have to do is check System Preferences to see if has been enabled or not. But what if you the Mac is either not logged into a user account, or what if you need to identify Filevault usage remotely? Both of these situations can call for using the command line to figure out the status of disk encryption.
From the command line (either remotely, or locally) enter the following command string:
sudo fdesetup status
There are only two possible responses to that command query, and the results are impossible to misidentify because you’ll either see:
FileVault is On.
Indicating FileVault encryption is enabled on that specific Mac, or you’ll see:
FileVault is Off.
Which of course tells you the Mac is not using the full disk encryption.
This command line trick can be helpful when trying to identify a Mac using FileVault encryption when logged in remotely through SSH, Screen Sharing with VNC, or when booting into the command line through Single User Mode. A quick note about the latter situation; modern Macs with FileVault enabled will not allow a user to enter into Single User Mode without entering an administrator password beforehand, thus if the login screen pops up much earlier in the OS X boot process then you can also determine that the Mac has FileVault turned on.
Now that a Mac has been determined to be using Filevault or not, the next obvious question would be whether or not you can turn on FileVault through the command line as well. The answer to that is yes, and you’d need to be using the same fdesetup command. We’ll cover that more thoroughly in another article, but for those interested now you can turn to the fdesetup man page for more immediate information.