Been racking my brain for the past week. FileVault 2 enables file with an institutional recovery key, but as soon as you log in again after the reboot, it’ll freeze at either the 50% or 75% in the progress bar. HOWEVER, you can successfully authenticate when booting with Safe Mode.
At first I thought it was our AV solution that installed unsigned extensions and SIP was somehow involved. However I ruled that out after testing. Finally I thought to test my profiles (there’s ~23 of them) and found that one in particular breaks FileVault.
The culprit is:
com.apple.loginwindow
Forced
mcx_preference_settings
AdminMayDIsableMCX
Obviously this isn’t the whole profile. I just included the main parts.
In Googling I also found one other person experiencing this issue (see here). As of yet I don’t know why this key breaks FV. Time to do more research.