Unable to use new "defer" login window functionality in 10.10 14A361c

Originator:rtrouton
Number:rdar://18486881 Date Originated:9-29-2014
Status:Closed Resolved:1-31-2015
Product:OS X Product Version:
Classification: Reproducible:Always
 
Summary:
I'm testing fdesetup's new ability to set up a deferred enablement and have the user prompted at the login window. It does not appear to be working in 10.10 DP 8, though it did work in earlier Developer Previews

Steps to Reproduce:
1. Install 10.10 DP 7
2. Upgrade to 10.10 DP8
3. Create new local user
4. Log in as that new local user
5. While logged in as the new local user, set up deferred enablement using the following command:

sudo fdesetup enable -keychain -defer /recover.plist -forceatlogin 0 -dontaskatlogout

6. Restart


Expected Results:
After the restart, I should be able to log in as that new local user then be forced to enabled FileVault 2 encryption.

Actual Results:
After the restart, I am able to log in as that new local user but FileVault 2 encryption is not initiated.

Version:
10.10 14A361c

Notes:
Running the following command will prompt at logout for the new local user's password then initiate FileVault 2 encryption:

sudo fdesetup enable -keychain -defer /recover.plist -forceatlogin 0


Configuration:
This behavior was observed on a 2014 13 inch MacBook Pro with a 256 GB SSD and 8 GBs of RAM. Similar behavior was observed in a VMware Fusion Pro 7 VM running 10.10 14A361c.

Comments

This issue has been verified as resolved.

This issue looks like it was fixed in 10.10.2. Closing bug report as resolved.

By rtrouton at Aug. 16, 2015, 8:45 p.m. (reply...)

Update: 19-Nov-2014 09:32 AM

This problem is still present in 10.10.1, build 14B25. Steps to reproduce and actual results are the same as with 10.10 14A361c.

By rtrouton at Nov. 19, 2014, 2:34 p.m. (reply...)

Update: 20-Oct-2014 11:56 AM

I'm still seeing this issue in the Yosemite release: 10.10, build 14A389. The behavior appears to be identical to what I saw in DP 8.

By rtrouton at Nov. 19, 2014, 2:34 p.m. (reply...)

Update: 04-Oct-2014 05:02 PM

I've updated to GM 1 build 14A379a and verified that Recovery HD is running 10.10, build 14A379a. I'm seeing the same behavior that I saw with DP 8, where running the following command does not produce a forced enablement at the OS loginwindow:

sudo fdesetup enable -keychain -defer /recover.plist -forceatlogin 0 -dontaskatlogout

By rtrouton at Nov. 19, 2014, 2:34 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!