Encrypting an Mac (MDM) with FileVault - Recovery Key is WWWW-XXXX-YYYY-ZZZZ

Number:rdar://38416269 Date Originated:2018-03-13
Status:open Resolved:
Product:macOS + SDK Product Version:
Classification:Security Reproducible:yes
Try to encrypt an apfs formatted Mac with FileVault (mdm managed!) and select in the FileVault preferences "Do not store the recovery key". After clicking on continue you get exactly the following "recovery key" "WWWW-XXXX-YYYY-ZZZZ". The encryption process will fail with an internal error, if you click the next continue. 

Steps to Reproduce:
1. Setting up FileVault throw the macOS preferences
2. Select "Do not store the recovery key"
2.1 Recovery key is "WWWW-XXXX-YYYY-ZZZZ"
3. Continue - FileVault failed with "an internal error has occurred."

Expected Results:
APFS: Get an valid recovery key like "A1B2-9ADC-...-...-...-..."
HFS: Get an valid recovery key like "A1B2-9ADC-...-...-...-..."

Actual Results:
APFS: Recovery key is exactly "WWWW-XXXX-YYYY-ZZZZ"
HFS: Get an valid recovery key like "A1B2-9ADC-...-...-...-..."

macOS 10.13.2 and newer

* Jamf Pro 10.2.1 (and Jamf Pro 10.2.2)
* macOS High Sierra with APFS
* MDM FileVault redirection configuration profile (personal recovery key, manage automatically)



Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!