From c1c64aba4117e5383556481c7daa2f71d49b3e04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Falconnier?= Date: Fri, 15 Mar 2024 10:07:07 +0100 Subject: [PATCH] Workaround for FileVault in SA for macOS 14.4 --- tests/mdm/test_setup_filevault_command.py | 2 +- zentral/contrib/mdm/commands/setup_filevault.py | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/mdm/test_setup_filevault_command.py b/tests/mdm/test_setup_filevault_command.py index d99d4429c7..5aadbbcdf1 100644 --- a/tests/mdm/test_setup_filevault_command.py +++ b/tests/mdm/test_setup_filevault_command.py @@ -218,7 +218,7 @@ def test_build_command_awaiting_configuration_true_macos_14(self, sign_payload): if sub_payload_type == "com.apple.MCX.FileVault2": self.assertTrue(sub_payload["ForceEnableInSetupAssistant"]) self.assertEqual(sub_payload["ShowRecoveryKey"], filevault_config.show_recovery_key) - self.assertNotIn("Defer", sub_payload) + self.assertTrue(sub_payload["Defer"]) # macOS 14.4 workaround self.assertNotIn("DeferDontAskAtUserLogout", sub_payload) self.assertNotIn("DeferForceAtUserLoginMaxBypassAttempts", sub_payload) self.assertEqual(sub_payload["PayloadIdentifier"], "com.zentral.mdm.fv.configuration") diff --git a/zentral/contrib/mdm/commands/setup_filevault.py b/zentral/contrib/mdm/commands/setup_filevault.py index 1249f52f23..c1bc4d7c8e 100644 --- a/zentral/contrib/mdm/commands/setup_filevault.py +++ b/zentral/contrib/mdm/commands/setup_filevault.py @@ -90,7 +90,10 @@ def build_payload(enrolled_device): } fv_config = config["PayloadContent"][0] if enrolled_device.awaiting_configuration and enrolled_device.comparable_os_version >= (14,): - fv_config["ForceEnableInSetupAssistant"] = True + fv_config.update({ + "ForceEnableInSetupAssistant": True, + "Defer": True, # macOS 14.4 workaround TODO: re-evaluate later + }) else: fv_config.update({ "Defer": True,