Verify Time Machine Encryption from the Command-Line?
Is it possible to verify whether a given Time Machine volume (for example, returned by tmutil machinedirectory) has encryption turned on? This is for regulatory compliance, so it needs to be fully scriptable.
Solution 1:
If you know the UUID before you mount the disk you can use:
diskutil coreStorage list XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
This will give the following output.
Logical Volume Family XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
----------------------------------------------------------
Encryption Status: Unlocked
Encryption Type: AES-XTS
Conversion Status: Complete
Conversion Direction: -none-
Has Encrypted Extents: Yes
Fully Secure: Yes
Passphrase Required: Yes
If you know the mountpoint of the disk, you can get the UUID by the following command.
diskutil info /MOUNTPOINT | grep UUID | awk '{print $3}'
And if you do not know the mountpoint you can always run
diskutil coreStorage list
A MacMini with two encrypted drives (Macintosh SSD & Backup Mini) will give the following output.
CoreStorage logical volume groups (2 found)
|
+-- Logical Volume Group XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
| =========================================================
| Name: Macintosh SSD
| Status: Online
| Size: 250140434432 B (250.1 GB)
| Free Space: 16777216 B (16.8 MB)
| |
| +-< Physical Volume XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
| | ----------------------------------------------------
| | Index: 0
| | Disk: disk0s2
| | Status: Online
| | Size: 250140434432 B (250.1 GB)
| |
| +-> Logical Volume Family XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
| ----------------------------------------------------------
| Encryption Status: Unlocked
| Encryption Type: AES-XTS
| Conversion Status: Complete
| Conversion Direction: -none-
| Has Encrypted Extents: Yes
| Fully Secure: Yes
| Passphrase Required: Yes
| |
| +-> Logical Volume XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
| ---------------------------------------------------
| Disk: disk2
| Status: Online
| Size (Total): 249804886016 B (249.8 GB)
| Size (Converted): -none-
| Revertible: Yes (unlock and decryption required)
| LV Name: Macintosh SSD
| Volume Name: Macintosh SSD
| Content Hint: Apple_HFS
|
+-- Logical Volume Group XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
=========================================================
Name: Backup Mini
Status: Online
Size: 999860912128 B (999.9 GB)
Free Space: 0 B (0 B)
|
+-< Physical Volume XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
| ----------------------------------------------------
| Index: 0
| Disk: disk3s2
| Status: Online
| Size: 999860912128 B (999.9 GB)
|
+-> Logical Volume Family XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
----------------------------------------------------------
Encryption Status: Unlocked
Encryption Type: AES-XTS
Conversion Status: Complete
Conversion Direction: -none-
Has Encrypted Extents: Yes
Fully Secure: Yes
Passphrase Required: Yes
|
+-> Logical Volume XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
---------------------------------------------------
Disk: disk5
Status: Online
Size (Total): 999542136832 B (999.5 GB)
Size (Converted): -none-
Revertible: No
LV Name: Backup Mini
Volume Name: Backup Mini
Content Hint: Apple_HFS