`fdesetup list` is reporting personal recovery keys as enabled users on 10.13 Beta 4 build 17A315i

Originator: rtrouton
Number: rdar://33610347
Date Originated: 29-Jul-2017 09:25 PM
Status: Open
Resolved:
Product: macOS + SDK
Product Version: 10.13 Beta 4 (17A315i)
Classification: Security
Reproducible: Always
 
Summary:
When testing APFS encryption, I noticed that running the following command with root privileges reported both the single FileVault-enabled user and a second enabled user listed as `(null)`.

fdesetup list

Steps to Reproduce:
1. Install macOS 10.14 Beta 4, build 17A315i
2. Convert boot drive to Apple File System (APFS) as part of OS installation
3. Turn on encryption on APFS boot drive and enable one user
4. Run the following command with root privileges to check the list of enabled users:

fdesetup list


Expected Results:
I expected to see the following output:

computername:~ username$ sudo fdesetup list
username,8B2A80E9-4223-4123-9178-32B43A69A46E
computername:~ username$

Actual Results:
I saw the following output:

computername:~ username$ sudo fdesetup list
username,8B2A80E9-4223-4123-9178-32B43A69A46E
(null),EBC6C064-0000-11AA-AA11-00306543ECAC
computername:~ username$

Version:
10.13 Beta 4 (17A315i)

Notes:
When I checked the list of enabled users using a different method, I saw that an entry with the same UUID (EBC6C064-0000-11AA-AA11-00306543ECAC) was listed as `Personal Recovery` (see attached screenshot).

computername:~ username$ sudo fdesetup list
username,8B2A80E9-4223-4123-9178-32B43A69A46E
(null),EBC6C064-0000-11AA-AA11-00306543ECAC
computername:~ username$ diskutil apfs listCryptoUsers disk1s1
Cryptographic users (2 found)
|
+-- 8B2A80E9-4223-4123-9178-32B43A69A46E
|   Type: Local Open Directory
|
+-- EBC6C064-0000-11AA-AA11-00306543ECAC
    Type: Personal Recovery
 
computername:~ username$
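The cross-check described in the notes, written out as a small script. This is an added example, not part of the radar or of Apple's tooling: it resolves each `fdesetup list` entry against the `diskutil apfs listCryptoUsers` output so a `(null)` row is reported as the Personal Recovery key it actually is, instead of being counted as an enabled account. The two outputs embedded below are constructed samples shaped like the ones in the report, so the script runs offline; the `FDE_OUT`/`CRYPTO_OUT` variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the radar): attribute each `fdesetup list`
# row to its APFS cryptographic user type, so a `(null)` row that is
# really the Personal Recovery key is not counted as an enabled user.
#
# Constructed sample outputs, shaped like the report's. On a real system
# they would come from:
#   FDE_OUT=$(sudo fdesetup list)
#   CRYPTO_OUT=$(sudo diskutil apfs listCryptoUsers disk1s1)

FDE_OUT='username,8B2A80E9-4223-4123-9178-32B43A69A46E
(null),EBC6C064-0000-11AA-AA11-00306543ECAC'

CRYPTO_OUT='Cryptographic users (2 found)
|
+-- 8B2A80E9-4223-4123-9178-32B43A69A46E
|   Type: Local Open Directory
|
+-- EBC6C064-0000-11AA-AA11-00306543ECAC
    Type: Personal Recovery'

# crypto_type UUID: print the "Type:" value that follows the UUID in the
# diskutil listing, or "unknown" if the UUID is not listed at all.
crypto_type() {
    printf '%s\n' "$CRYPTO_OUT" | awk -v want="$1" '
        /^[+]-- /                { cur = $2 }
        /Type:/ && cur == want   { sub(/.*Type: */, ""); print; found = 1; exit }
        END                      { if (!found) print "unknown" }'
}

# classify_entries: for every "name,uuid" line of fdesetup output, emit
# "name uuid type" with the type resolved from the diskutil listing.
classify_entries() {
    printf '%s\n' "$FDE_OUT" | while IFS=, read -r name uuid; do
        [ -n "$uuid" ] || continue
        printf '%s %s %s\n' "$name" "$uuid" "$(crypto_type "$uuid")"
    done
}

# count_real_users: fdesetup rows that are not a Personal Recovery key,
# i.e. the number an admin actually wants from `fdesetup list`.
count_real_users() {
    classify_entries | grep -v -c 'Personal Recovery'
}

# null_entries: only the `(null)` rows, with their resolved type, so the
# unexpected entry from the report can be explained at a glance.
null_entries() {
    classify_entries | grep '^(null) '
}

classify_entries
echo "FileVault-enabled accounts (excluding recovery key): $(count_real_users)"
```

Run as-is it prints both rows with their types and a count of 1; swapping in the live `fdesetup`/`diskutil` output (root required for both) turns it into a quick check for whether a given build still lists the recovery key as a user.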
