Determining Whole Disk Encryption Status
Q: I need to check the encryption status for all attached disks in a shell script. I thought that pgpwde --enum would give me a current status, but it always appears to say "wde enabled" whether the disk is encrypted or not. Do I also need to use pgpwde --disk-status on each disk? If so, does the phrase "not instrumented by bootguard" indicate that the disk is not encrypted?
A: In a word, yes, to all of your questions.
--enum only indicates disks that are available.
--disk-status has more detail; "not instrumented" is indeed not encrypted.
There are several general states that the disk can be in:
- not instrumented
Instrumented is not a state that is evident from the GUI, but is from the command line. It is a state where the disk can have users and state information put onto the disk. You have to be able to store user data on the disk before the disk is encrypted.
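A per-disk check along the lines of the answer above, as an added example that is not part of the original exchange: it runs --disk-status for each disk number given and matches only the "not instrumented" phrase quoted on this page. Assumptions: the disk is selected with `--disk N` (verify against your pgpwde version's help output), and the function names and the `PGPWDE` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: classify pgpwde --disk-status output for each disk.
# PGPWDE (hypothetical variable) lets you point at another binary or a stub.
PGPWDE="${PGPWDE:-pgpwde}"

# Read --disk-status text on stdin and print one state keyword:
#   not-instrumented : the page's phrase is present, so the disk is not encrypted
#   instrumented     : phrase absent; the disk can hold users and state, but
#                      instrumentation comes before encryption, so this alone
#                      does not prove the disk is encrypted
#   unknown          : no output at all (tool missing, bad disk number, error)
classify_status() {
    text=$(cat)
    if [ -z "$text" ]; then
        echo unknown
    elif printf '%s\n' "$text" | grep -qi 'not instrumented'; then
        echo not-instrumented
    else
        echo instrumented
    fi
}

# Check every disk number passed as an argument.
# Returns 0 only if all disks report as instrumented.
check_disks() {
    rc=0
    for disk in "$@"; do
        # Assumption: "--disk N" selects the disk for --disk-status.
        state=$("$PGPWDE" --disk-status --disk "$disk" 2>/dev/null | classify_status)
        echo "disk $disk: $state"
        [ "$state" = instrumented ] || rc=1
    done
    return $rc
}

# Usage: sh check_wde.sh 0 1 2   (disk numbers as listed by pgpwde --enum)
if [ "$#" -gt 0 ]; then
    check_disks "$@"
fi
```

An "instrumented" result still needs the rest of the --disk-status output read to confirm the disk is actually encrypted.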