Hopefully this will make sense if I demonstrate with terminal commands exactly what is going on:
$diskutil apfs listCryptoUsers /
Cryptographic user (1 found)
|
+-- 75E7055D-AC41-4786-9632-3B588A1842AC
Type: Disk User$ sudo fdesetup list -extended
Password:
ESCROW UUID TYPE USER
75E7055D-AC41-4786-9632-3B588A1842AC Unknown User$ sudo fdesetup add -usertoadd [shortUserName]
Password:
Enter the user name:disk
Enter the password for user 'disk':
Enter the password for the added user '[shortUserName]':
Error: User 'disk' could not be found.
OD user 'disk' could not be authenticated.
Error: Unable to add one or more users to FileVault. (11)The above steps demostrate the issue. Essentially, no user can be added to FileVault users because there is no way to specify the disk user to the fdesetup tool to authenticate for adding a user. I have filed a bug report and it was marked duplicate and is currently open. Bug report has been open since 10.13.0 beta 2. The error number (in this case 11) has changed over various betas and releases, and the prompts for fdesetup have changed slightly over time, but still unable to add a user to FileVault.
Any thoughts on a workaround (other than decrypt / re-encrypt)?
