Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog

Determining Whole Disk Encryption Status

Created: 11 Mar 2009 • Updated: 05 Nov 2012
Bryan Gillson's picture
0 0 Votes
Login to vote

Q: I need to check the encryption status for all attached disk in an shell script.  I thought that pgpwde --enum would give me a current status, but it always appears to say "wde enabled" if the disk is encrypted or not.  Do I also need to use pgpwde --disk-status on each disk?  If so, does the phrase "not instrumented by bootguard" indicate that the disk is not encrypted?

A: In a word, yes, to all of your questions.

--enum only indicates disks that are available

--disk-status has more detail not instrumented is indeed not encrypted.

There are several general states that the disk can be in:

  • not instrumented
  • instrumented
  • encrypting
  • encrypted
  • decrypting

Instrumented is not a state that is evident from the GUI, but is from the command line. It is a state where the disk can have users and state information put onto the disk. You have to be able to store user data on the disk before the disk is encrypted.