Related:
- https://www.bigfix.me/fixlet/details/20254
- https://bigfix.me/analysis/details/2994532
- https://bigfix.me/analysis/details/2994554
- https://bigfix.me/fixlet/details/2569
- Use of usb plane of iokit registry for Mac OS X
- https://bigfix.me/analysis/details/2994552
One issue is that the relevance isn’t exactly the same for SATA drives vs PCI-Express AHCI SSDs vs PCI-Express NVMe SSDs. It will be a bit of a challenge to come up with a good way to generalize it.
This has some good info: https://github.com/facebook/osquery/issues/911
This command will give you the info that needs to be queried:
ioreg -c CoreStorageLogical
This is part way there, with better generalization:
strings of values of entries whose(key of it = "Model") of dictionaries of nodes "Appl AHCI" of it) of nodes of nodes of nodes of nodes "AppleACPIPCI" of nodes whose(name of it starts with "PCI") of nodes "AppleACPIPlatformExpert" of service plane of iokit registry
The most important thing to remember when writing iokit or plist relevance is that E: The operator "string" is not defined. is a “good error”. It means you are returning results, but just results without a string representation.