Deploying Encryption Management for Apple FileVault Automatically

If performing automated and mass deployments, use the tools described in Automated Deployments. This section describes automatic deployment information specific to Encryption Management for Apple FileVault.

The following is the process for setting up command line scripts to automate Encryption Management for Apple FileVault deployments. This procedure assumes that you have received the following files:

  • Installer.sh

  • InstallPreCheck

  • Trend Micro Full Disk Encryption.pkg

The following is an example of the intended installation command script built using this procedure:

$ sudo /var/tmp/Installer.sh /var/tmp

The following is an example of the intended agent registration command script built using this procedure:

$ sudo "/Library/Application Support/TrendMicro/FDEMM/RegisterDevice" \
    HOST=10.1.152.58 ENTERPRISE=MyCompany USERNAME=User \
    ePASSWORD==5mih67uKdy7TlVaN2ISWGQQ=

  1. Place the installation files into the same directory.

    Installer.sh, InstallPreCheck, and Trend Micro Full Disk Encryption.pkg must be in the same directory for automated deployment to run successfully. This procedure assumes those files have been placed in the directory /var/tmp for later example command scripts.

  2. In a command line interface, run Installer.sh with the directory of the installation files as the first parameter.

    An example command script is as follows:

    $ sudo /var/tmp/Installer.sh /var/tmp

    Installer.sh will call InstallPreCheck to check your environment for potential issues that could hinder deployment or agent use. If any issues are found, the return code of the issue will be returned. If no issues are found, Installer.sh will execute Trend Micro Full Disk Encryption.pkg to perform installation.

    For potential error codes and limitations of Encryption Management for Apple FileVault deployment, see Encryption Management for Apple FileVault Preinstallation Return Codes.

  3. If Installer.sh returns code 106, check the version of a currently installed Encryption Management for Apple FileVault agent.

    Return code 106 means that Encryption Management for Apple FileVault is already installed.

    To check the currently installed version, run the following command script:

    $ defaults read "/Applications/Encryption Management for Apple FileVault.app/Contents/Info.plist" CFBundleShortVersionString

    To check the version of the intended agent deployment package, run the following command script:

    $ /var/tmp/InstallPreCheck version

    If the intended version is later than the currently installed version, upgrade Encryption Management for Apple FileVault instead of continuing deployment. See Upgrading Encryption Management for Apple FileVault.

  4. If installation of Encryption Management for Apple FileVault proceeded successfully, run the RegisterDevice executable with your enterprise credentials as parameters to register the agent to PolicyServer.

    The RegisterDevice executable is located in the agent directory. The default RegisterDevice path is /Library/Application Support/TrendMicro/FDEMM/RegisterDevice.

    In order, add the HOST, ENTERPRISE, USERNAME, and PASSWORD arguments as parameters. Encryption Management for Apple FileVault supports encrypted values of these arguments by adding e before the argument name. For example, an encrypted argument of PASSWORD is ePASSWORD.

    For help creating the RegisterDevice command script, see Command Builder.

    The following is an example of the intended agent registration command script:

    $ sudo "/Library/Application Support/TrendMicro/FDEMM/RegisterDevice" \
        HOST=10.1.152.58 ENTERPRISE=MyCompany USERNAME=User \
        ePASSWORD==5mih67uKdy7TlVaN2ISWGQQ=

    After agent registration, the Encryption Management for Apple FileVault agent deployment is complete.

Encryption Management for Apple FileVault Preinstallation Return Codes

Before performing an Encryption Management for Apple FileVault automated deployment, run Installer.sh to check your environment for potential issues that could hinder deployment or agent use. The following is a list of the potential codes that Installer.sh will return.

Note:

Do not perform Encryption Management for Apple FileVault agent deployment unless Installer.sh returns code 0.

Table 1. Return Codes

Return Code   Description

0             The endpoint is ready for Encryption Management for Apple FileVault agent deployment.

101           The operating system is not supported. Encryption Management for Apple FileVault requires Mac OS X Mountain Lion (10.7) or later.

102           The endpoint does not have sufficient disk space. Encryption Management for Apple FileVault requires at least 400 MB of free disk space.

103           Apple FileVault is enabled. Disable Apple FileVault, restart the endpoint, and try again.

104           Encryption Management for Apple FileVault does not support Apple Fusion Drive. Set a hard drive without Apple Fusion Drive as the root drive and try again.

105           Encryption Management for Apple FileVault requires Mono Framework version 2.10.11. Uninstall the currently installed version and try again.

106           Encryption Management for Apple FileVault is already installed.

              To check the currently installed version, run the following command script:

              $ defaults read "/Applications/Encryption Management for Apple FileVault.app/Contents/Info.plist" CFBundleShortVersionString

              To check the version of the intended agent deployment package, run the following command script:

              $ <directory>/InstallPreCheck version

107           Encryption Management for Apple FileVault deployment requires administrator privileges. Use the sudo parameter when running the command script.

108           The syntax of the command script is incorrect. Specify the directory of Installer.sh in the first parameter position and try again.

              For example:

              $ /var/tmp/Installer.sh /var/tmp

109           Installer.sh is unable to find or run InstallPreCheck. Check that InstallPreCheck is in the same directory as Installer.sh and that you have privileges to run executable files and try again.

110           Installer.sh is unable to find Trend Micro Full Disk Encryption.pkg. Check that Trend Micro Full Disk Encryption.pkg is in the same directory as Installer.sh and try again.

111           Trend Micro Full Disk Encryption.pkg is unable to execute. Check that you have privileges to run executable files and try again.
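
The deployment procedure and the return codes above, combined into one wrapper as an added example (not part of the vendor documentation or the vendor's scripts): it registers the agent only on return code 0 and uses return code 106 to compare the installed and packaged versions. The FDE_* variable names, the "skip" outcome for an agent that is already current, and InstallPreCheck printing a bare numeric version string are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. FDE_* variable names are hypothetical.
DIR="${FDE_DIR:-/var/tmp}"   # directory holding the three installation files
APP_PLIST="/Applications/Encryption Management for Apple FileVault.app/Contents/Info.plist"
REGISTER="/Library/Application Support/TrendMicro/FDEMM/RegisterDevice"

# version_lt A B: succeed when A is older than B.
# Assumes purely numeric dotted versions (e.g. 5.0.0.1234).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# next_action RC [INSTALLED PACKAGED]: decide the step after Installer.sh exits.
next_action() {
    case $1 in
        0)   echo register ;;   # pre-check passed and the package was installed
        106) if version_lt "$2" "$3"; then echo upgrade; else echo skip; fi ;;
        *)   echo abort ;;      # 101-105 and 107-111: fix the endpoint first
    esac
}

deploy() {
    rc=0 installed= packaged=
    sudo "$DIR/Installer.sh" "$DIR" || rc=$?
    if [ "$rc" -eq 106 ]; then
        installed=$(defaults read "$APP_PLIST" CFBundleShortVersionString)
        # Assumption: InstallPreCheck prints only the version string.
        packaged=$("$DIR/InstallPreCheck" version)
    fi
    action=$(next_action "$rc" "$installed" "$packaged")
    echo "Installer.sh returned $rc, next step: $action" >&2
    case $action in
        register) sudo "$REGISTER" HOST="$FDE_HOST" ENTERPRISE="$FDE_ENTERPRISE" \
                      USERNAME="$FDE_USER" ePASSWORD="$FDE_EPASSWORD" ;;
        upgrade|skip) return 0 ;;   # upgrade follows the separate upgrade procedure
        *) return "$rc" ;;
    esac
}

# Run only on request so the functions can be sourced and checked on their own.
if [ "${1:-}" = "--deploy" ]; then deploy; fi
```

Run the script with --deploy as its first argument and the FDE_* variables set by the deployment tool. Values passed to RegisterDevice as arguments are visible in the endpoint's process list while the command runs, so supply the encrypted ePASSWORD form rather than PASSWORD.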

Encryption Management for Apple FileVault Script Example

This is an example of an installation script to install Encryption Management for Apple FileVault.

Software location = /Library/Application Support/TrendMicro/FDEMM/RegisterDevice

ENTERPRISE = MyCompany

HOST = 10.1.152.58

USERNAME = User

ePASSWORD = 5mih67uKdy7TlVaN2ISWGQQ

Note:

In this example the password is encrypted.

Output to install Encryption Management for Apple FileVault:

$ sudo "/Library/Application Support/TrendMicro/FDEMM/RegisterDevice" \
    HOST=10.1.152.58 ENTERPRISE=MyCompany USERNAME=User \
    ePASSWORD==5mih67uKdy7TlVaN2ISWGQQ=