FixPedia
macOS

How to Check FileVault Disk Encryption Status on macOS

In this guide, you'll learn how to quickly check if FileVault disk encryption is activated on your Mac using either the graphical interface or command line. This is critical for protecting your data if the device is lost or stolen.

Updated at February 16, 2026
5-10 min
Easy
FixPedia Team
Применимо к:macOS 10.13 High Sierra and newerMac with Apple Silicon or Intel chip

Introduction / Why This Is Needed

FileVault is macOS's built-in full-disk encryption feature. Checking its status is a mandatory step for ensuring data security, especially if you work with confidential information or frequently transport your laptop. If the disk is not encrypted, anyone with physical access to the hard drive (or SSD) can read all files. This guide will show you how to quickly and accurately determine if protection is active, without installing third-party software.

Requirements / Preparation

Before you begin, ensure the following:

  • You have an account with administrator privileges.
  • macOS 10.13 (High Sierra) or newer is installed. Older systems use an outdated mechanism.
  • You understand that checking the status will not change any settings—this is purely diagnostic.

Step 1: Check via "System Settings" (Graphical Method)

This is the simplest and most intuitive method for most users.

  1. Click the Apple logo in the top-left corner of the screen and select "System Settings" (or "System Preferences" in older versions of macOS).
  2. In the settings window, find and open the "Security & Privacy" section.
  3. Go to the "FileVault" tab.
  4. You will see one of two statuses:
    • "FileVault is On" — the disk is encrypted. Below the status, the remaining encryption or decryption time may be indicated if the process is not yet complete.
    • "FileVault is Off" — encryption is inactive. A "Turn On FileVault" button will be next to it.

💡 Tip: If the "FileVault" tab is locked (a lock icon in the bottom-left corner of the window), click it and enter the administrator password to view the status or make changes.

Step 2: Check via Terminal (Precise Technical Method)

Terminal provides more detailed information, including the file system type and encryption algorithm. This method works even if the graphical interface is unavailable (for example, during a remote SSH connection).

  1. Open the "Terminal" application (you can find it via Spotlight by pressing Cmd + Space and typing "Terminal").
  2. Enter one of the following commands depending on your file system:

For modern systems with APFS (standard since macOS 10.13+):

sudo diskutil apfs list

For older systems with HFS+ (Mac OS Extended):

sudo diskutil cs list
  1. You will be prompted to enter the administrator password. Type it (characters are not displayed) and press Enter.
  2. In the resulting multi-line output, find the section corresponding to your system disk. Usually, this is the last block titled Apple_APFS_Container or Apple_CoreStorage.
  3. Inside that block, find the Encryption: parameter.

Example output for APFS (encryption active):

...
Encryption:         AES-XTS
...

Example output for disabled encryption:

...
Encryption:         None (unencrypted)
...

⚠️ Important: Do not confuse Encryption: with FileVault:. FileVault: may display "Yes" or "No", but the key parameter is Encryption:. If it shows AES-XTS, AES-CBC, or a similar algorithm—encryption is active.

Step 3: Alternative Method — via Recovery Mode

This method is useful if you cannot boot into the system but want to check the disk status before attempting recovery.

  1. Turn off your Mac.
  2. Turn it on and immediately hold down the Cmd + R keys until the Apple logo appears. This will boot macOS Recovery.
  3. From the top menu, select "Utilities""Terminal".
  4. In the Recovery Mode terminal, run the command:
diskutil list
  1. Find your main disk (e.g., disk1s1). Then, to check encryption, you can use:
diskutil info / | grep 'Encrypted'

If the output contains Yes:, the disk is encrypted.

Verifying the Result

You can consider the check successful if:

  • In "System Settings" → "FileVault", it explicitly states "On".
  • In the diskutil command output for the system disk, the Encryption: parameter contains an algorithm name (AES-XTS, AES-CBC), not None.

If both methods indicate that encryption is disabled, it is strongly recommended to enable it (see the related guide "How to Enable FileVault on Mac"). Enabling it will take from several minutes to several hours depending on disk size and Mac model, and it cannot be interrupted without risking data loss.

Possible Issues

ProblemCauseSolution
No access to the FileVault tabThe current user is not an administrator.Log in with an administrator account or ask an administrator to perform the check.
diskutil command does not find EncryptionAn outdated command is used, or the file system is not APFS/CoreStorage.For APFS, use exactly diskutil apfs list. Ensure you are looking at the section for the system disk, not other volumes.
Status shows "FileVault is On", but diskutil shows NoneThis can happen if only the Recovery boot partition is encrypted, not the main volume.Check the status of the main volume (usually Macintosh HD). If it is not encrypted, enable FileVault for it.
Error diskutil: command not foundTerminal is running in a very restricted environment (e.g., via a minimal-privilege remote SSH).Ensure you are running the command in a regular Terminal session on the Mac itself, not in a stripped-down environment.

F.A.Q.

Can I check encryption without administrator privileges?
What should I do if FileVault is disabled?
What encryption algorithm does FileVault use?
Does the check work for APFS and HFS+ disks?

Hints

Open System Security Settings
Use Terminal for precise status
Analyze the command output
Alternative method via Setup Assistant

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community