MacOS – Cannot enable FileVault on macOS High Sierra


I've just got a new MacBook Pro, currently running macOS 10.13.6 High Sierra. As I'm the only one using it, it only has one user account, which does have admin privileges. However, I'm encountering some problems attempting to enable FileVault 2 disk encryption.

If I try the standard method of going into settings -> security & privacy, then clicking "enable FileVault", nothing happens. No error message, it just doesn't respond.

Going into Terminal, I've tried running sudo fdesetup enable, which returns the following message: Error: A problem occurred while trying to enable FileVault. (-69594).

Based on a previous answer I saw on here, I then tried booting into recovery mode, and running sudo rm /var/db/.AppleSetupDone.
This tells me that the sudo command is not recognised. Alternatively, running without sudo returns /var/db/.AppleSetupDone: No such file or directory.

Basically, I've no idea what else to try, short of wiping the computer and starting from scratch. Any ideas (preferably FileVault, but I'll accept other full disk encryption methods), or is that my only option?

Best Answer

I'm on macOS Mojave 10.14.6, and the following worked for me. The process was partly derived from the Reddit thread mentioned below and https://derflounder.wordpress.com/2019/02/08/unable-to-enable-filevault-on-macos-mojave/.

  1. In Terminal, I ran the command sudo sysadminctl -secureTokenStatus USER_NAME_HERE for every user account on the computer. It returned "Secure token is DISABLED for user" for all accounts. If your result is different, see below.

  2. If step 1 returned "Secure token is DISABLED for user" for all users, boot into Recovery mode (reboot and hold Command-R).

  3. In Recovery mode, start a Terminal window (menu Utilities -> Terminal).

  4. Execute the command resetFileVaultpassword to change the passwords for all users.

  5. Then restart back into normal mode. For me, changing all passwords resulted in TouchID becoming disabled, but I could re-enable it without issues.

  6. Now back in normal mode, the command from step 1 confirmed in Terminal that "Secure token is ENABLED". Go to System Preferences and enable FileVault.

My understanding is that if step 1 returns "Secure token is ENABLED for user" for at least one user, this user could be used to re-enable the desired admin user by

a) promoting the TOKEN_user to admin,

b) logging in with the TOKEN_user,

c) changing the password of all non-TOKEN_users (according to https://www.reddit.com/r/MacOS/comments/74scld/unable_to_turn_on_filevault_on_high_sierra_apfs/do1beb1/ this will make them users with a TOKEN as well), and finally

d) changing the promoted TOKEN_user back to a normal user.
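
The step 1 check, run across every local account and mapped to the branch of the answer that applies, as an added example that is not part of the original answer. The function names are hypothetical, the UID >= 501 cut-off for regular accounts is an assumption, and the fallback sample is constructed; on a Mac, run the script with sudo, as the answer does for the single command.

```shell
#!/bin/bash
# Added example: report Secure Token state per local user and name the
# matching path from the answer above. Function names are hypothetical.

# Map one line of `sysadminctl -secureTokenStatus` output to a state word.
token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo ENABLED ;;
    *"Secure token is DISABLED"*) echo DISABLED ;;
    *)                            echo UNKNOWN ;;
  esac
}

# Read "user STATE" lines on stdin and print which path applies:
#   recovery     -> every account is DISABLED (steps 2-5, then step 6)
#   token-holder -> at least one ENABLED account exists (steps a-d)
#   all-enabled  -> nothing to repair, go straight to enabling FileVault
#   unknown      -> no usable status lines, check accounts by hand
recommend() {
  local enabled=0 disabled=0 unknown=0 user state
  while read -r user state; do
    case "$state" in
      ENABLED)  enabled=$((enabled + 1)) ;;
      DISABLED) disabled=$((disabled + 1)) ;;
      *)        unknown=$((unknown + 1)) ;;
    esac
  done
  if [ "$enabled" -gt 0 ] && [ "$disabled" -eq 0 ] && [ "$unknown" -eq 0 ]; then
    echo all-enabled
  elif [ "$enabled" -gt 0 ]; then echo token-holder
  elif [ "$disabled" -gt 0 ] && [ "$unknown" -eq 0 ]; then echo recovery
  else echo unknown
  fi
}

# Live scan (macOS only). Assumption: regular local accounts have UID >= 501.
scan_local_users() {
  dscl . -list /Users UniqueID | awk '$2 >= 501 {print $1}' | while read -r u; do
    out=$(sysadminctl -secureTokenStatus "$u" 2>&1 </dev/null)
    printf '%s %s\n' "$u" "$(token_state "$out")"
  done
}

if command -v sysadminctl >/dev/null 2>&1; then
  scan_local_users | tee /dev/stderr | recommend
else
  # Constructed sample for machines without the macOS tools.
  printf '%s\n' 'alice DISABLED' 'bob DISABLED' | recommend
fi
```
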