wave I had recently rebased from 4 9 0 to 5 2 1 I used to be

Question

wave I had recently rebased from 4 9 0 to 5 2 1 I used to be able to query the `encrypted` field to fetch the disk encryption status However after the rebase it seems that this field just returns blank I was unable to find any breaking changes in the change logs for the tags in between This change occurs specifically on linux machines my macos and windows queries seem to be fine Did I miss some change regarding this Any help would be appreciated

seph · Answer

I m not sure what you mean by `rebase` That word usually refers to code branches

seph · Answer

I assume you re talking abut the `disk encryption` table There have been some changes there but nothing breaking like that

Jonathan · Answer

ah for recent changes are you referring to <https github com osquery osquery commit 482f79b7e0fc648e8e7db74c444b6c88d4428464>

seph · Answer

I was thinking of <https github com osquery osquery pull 7382> but that hasn t merged yet

Jonathan · Answer

hm could there have been some difference in how osquery checks for encrypted since `4 9 0` If it helps i m looking at `mount type` of `ext4` `path` of ` `

seph · Answer

What are you running exactly Is this a custom fork or is this official distributed osquery Are you running as root What query are you running What is the output between these two different versions

seph · Answer

I m not sure I can help much more I don t offhand remember changes there But I d have to check the source history There s not a lot here to debug from