FileVault

FileVault is a built-in OS X feature for on-the-fly encryption and decryption of the internal hard disk. OS X Lion and Mountain Lion use FileVault 2; with version 2 it is possible to encrypt the entire disk rather than only the user's home folder. FileVault uses XTS-AES 128 encryption, and thanks to CPU optimizations there is almost no noticeable performance impact from the on-the-fly encryption and decryption.

Booting directly from an encrypted system disk is not possible, so Apple needed a way to authenticate the user and start decrypting the system disk before it is accessed. Apple designed the system to boot from the recovery partition and present the login window from there. When a user enters the right credentials the decryption key is unlocked, and with that key the system volume is decrypted.

FileVault can be enabled in the Security & Privacy pane of System Preferences. When enabling FileVault on a system with multiple local users it is possible to allow each user to unlock the computer. During setup you will be shown a recovery key; this key can be used if all user passwords are lost. The recovery key should be stored somewhere safe!


You can also choose to store the recovery key with Apple. To do this you need to choose three security questions and provide three answers. After storing the recovery key the system needs to restart. Once the system has restarted the encryption process begins. During the encryption process the Mac can be used normally. With the following command the progress can be watched in the Terminal:

diskutil cs list

In the output, the value after “Size (Converted):” shows how many GB have been encrypted so far.

[Screenshot: diskutil cs list output]

When the process is finished the value will be “-none-”. The process can also be monitored in the FileVault menu:

[Screenshot: FileVault encryption progress]
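Checking the output by eye works, but if you want to know when the disk is actually fully protected (the data is only completely encrypted once “Size (Converted):” reports “-none-”), a small script is handier. The following is an added example, not part of the original post: two POSIX shell functions that read the output of `diskutil cs list` from stdin and report the converted byte count and a percentage. The sample output embedded below is constructed to resemble the real format; only the “Size (Total):” and “Size (Converted):” lines are parsed.

```shell
#!/bin/sh
# Added example: report FileVault 2 (Core Storage) encryption progress from
# "diskutil cs list" output. Both functions read the diskutil output on stdin.

# Print the raw value after "Size (Converted):", i.e. the number of bytes
# encrypted so far, or "-none-" once the conversion has finished.
fv_converted_bytes() {
    awk '/Size \(Converted\):/ { print $3; exit }'
}

# Print "complete" when conversion is finished, otherwise the percentage of
# the logical volume that has been encrypted so far. Prints "unknown" if the
# expected fields are missing (e.g. the disk is not a Core Storage volume).
fv_progress() {
    awk '
        /Size \(Total\):/     { total = $3 }
        /Size \(Converted\):/ { conv  = $3 }
        END {
            if (conv == "-none-")          { print "complete"; exit }
            if (total == "" || conv == "") { print "unknown";  exit }
            printf "%.1f%% encrypted (%s of %s bytes)\n", 100 * conv / total, conv, total
        }'
}

# Constructed sample: the relevant lines of "diskutil cs list" while encrypting.
SAMPLE_CONVERTING='        Conversion Status:       Converting
            Size (Total):          248842985472 B (248.8 GB)
            Size (Converted):      27300000000 B (27.3 GB)'

# Constructed sample: the same lines after the encryption has completed.
SAMPLE_DONE='        Conversion Status:       Complete
            Size (Total):          248842985472 B (248.8 GB)
            Size (Converted):      -none-'

# Usage on a Mac: diskutil cs list | fv_progress
# Offline demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_CONVERTING" | fv_progress
printf '%s\n' "$SAMPLE_DONE" | fv_progress
```

Run on a live system with `diskutil cs list | fv_progress`; wrapping it in `watch` or a loop with `sleep` gives a simple progress monitor while the Mac is in use.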

If you have forgotten your password, you can enter the recovery key at boot after three wrong password attempts. With the recovery key the system disk is decrypted, and after the boot it is possible to set a new password. When the recovery key is stored with Apple you need to call AppleCare, give the Mac's serial number and answer the three security questions. When the recovery key is lost and it is not stored with Apple there is no way to recover the data on the disk.
