Cannot enable FileVault on macOS High Sierra
I've just got a new MacBook Pro, currently running macOS 10.13.6 High Sierra. As I'm the only one using it, it only has one user account, which does have admin privileges. However, I'm encountering some problems attempting to enable FileVault 2 disk encryption.
If I try the standard method of going into settings -> security & privacy, then clicking "enable FileVault", nothing happens. No error message, it just doesn't respond.
Going into terminal, I've tried running sudo fdesetup enable
, which returns the following message. Error: A problem occurred while trying to enable FileVault. (-69594)
.
Based on a previous answer I saw on here, I then tried booting into recovery mode, and running sudo rm /var/db/.AppleSetupDone
.
This tells me that the sudo command is not recognised. Alternatively, running without sudo returns /var/db/.AppleSetupDone: No such file or directory
.
Basically, I've no idea what else to try, short of wiping the computer and starting from scratch. Any ideas (preferably FileVault, but I'll accept other full disk encryption methods), or is that my only option?
Being on MacOS Mojave 10.14.6 the following worked for me. Process was partly derived from below mentioned reddit and https://derflounder.wordpress.com/2019/02/08/unable-to-enable-filevault-on-macos-mojave/.
Tested for all user accounts on the computer in terminal the command
sudo sysadminctl -secureTokenStatus USER_NAME_HERE
. It returned for all accounts "Secure token is DISABLED for user". If this is different, see below.If for all users step 1 returned "Secure token is DISABLED for user", boot into Recovery mode (reboot and hold command-R)
In Recovery mode start Terminal window (menu Utilities -> Terminal)
Execute command
resetFileVaultpassword
to change the passwords for all users.Then restart back into normal mode. For me changing all passwords resulted in TouchID becoming disabled, but I could re-enable without issues.
Now back in normal mode, terminal confirmed for command from step 1 that "Secure token is ENABLED". Go to System preferences and enable FileVault.
My understanding is that if for at least one user the return in step 1. says "Secure token is ENABLED for user", this user could be used to re-enable the desired admin user by
a) promoting the TOKEN_user to admin,
b) login with the TOKEN_user,
c) change the password of all non-TOKEN_users (according to https://www.reddit.com/r/MacOS/comments/74scld/unable_to_turn_on_filevault_on_high_sierra_apfs/do1beb1/ this will make them users with a TOKEN as well), and finally
d) change promoted TOKEN_user back to normal user.
You don't need to boot into recovery mode to run
sudo rm /var/db/.AppleSetupDone
Try it again from your normal volume. That will make your Mac think it is the first time you have started up, and will run through the setup process again. That should mean that the new user you create in that process has the power to enable FileVault. However, that should have happened the first time.
If that doesn't work, I can recommend a couple of sites for background info:
https://www.reddit.com/r/MacOS/comments/74scld/unable_to_turn_on_filevault_on_high_sierra_apfs/
https://derflounder.wordpress.com/?s=filevault
I had a slightly different problem than yours, but the same error code (-69594) when trying to add the ability to unlock FileVault for a particular non-admin user. The user in question didn't have the SecureToken status. I solved it by deleting the AppleSetupDone file, creating a new temporary admin user, logging in as that user, and giving the non-admin user the SecureToken status with the sysadminctl command described in the Reddit article