You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Nicolas Online
Nicolas Online Author
User level: Level 1
108 points

Disk Encryption Questions

Hello,


I have a couple of questions about disk encryption.


  1. I am about to format my mac and install a fresh copy of High Sierra. I wander if there is a way to turn on FileVault before installing macOS? Or if it is impossible, since FileVault will need to be turned on once in the Operating System. In other words the only way to ever turn on FileVault is with macOS already installed?
  2. I have a late 2013 MacBook Pro and use the SD card slot space in which I have a 128 GB drive that I use as a 'Scratch' Disk. In other words for applications like Photoshop, blender, DaVinci Resolve etc that require you to select a disk where temp files and operations are being used. If I switch that SD drive from APFS to APFS (Encrypted) will that affect the performance of the applications that use the drive? The reason I'd want it encrypted is I move around often with my Mac and if it's ever stolen the SD drive can just be taken out and read by prying eyes.


Thanks,


Nick

MacBook Pro 15", 10.13

Posted on Feb 1, 2019 11:29 AM

Reply
Question marked as Top-ranking reply
User profile for user: etresoft
etresoft
User level: Level 9
50,698 points

Posted on Feb 1, 2019 12:40 PM

Hello,

1) Maybe. In the past, I used to do this all the time. I would boot from an external hard drive, format the internal as HFS/APFS encrypted, and install the operating system. When setting up the first user after install, there would be a checkbox to give that user unlocking privileges and I would be all set. In some cases, I used the fdesetup tool from recovery to remove an extra “unlock” user at boot up.


However, this process does not seem to work with Mojave. At least, I had trouble with it and did it the “official” way. On High Sierra, it should still work. Just remember that this procedure is really only safe with a new hard drive. If you had unencrypted data on the drive before, it will still be there and still be unencrypted. It appears that the “official” way will encrypt all free space too, effectively doing everything it can to make the drive secure, within the limits of the media.


2) Formatting an SD card as APFS encrypted shouldn’t adversely affect its performance. An SD card is already pretty slow. The CPU should have no problem staying ahead of the media while encrypting or decrypting. Using an SD card may make those apps slower than they could otherwise be.

View in context

Similar questions

4 replies
Question marked as Top-ranking reply
User profile for user: etresoft
etresoft
User level: Level 9
50,698 points

Feb 1, 2019 12:40 PM in response to Nicolas Online

Hello,

1) Maybe. In the past, I used to do this all the time. I would boot from an external hard drive, format the internal as HFS/APFS encrypted, and install the operating system. When setting up the first user after install, there would be a checkbox to give that user unlocking privileges and I would be all set. In some cases, I used the fdesetup tool from recovery to remove an extra “unlock” user at boot up.


However, this process does not seem to work with Mojave. At least, I had trouble with it and did it the “official” way. On High Sierra, it should still work. Just remember that this procedure is really only safe with a new hard drive. If you had unencrypted data on the drive before, it will still be there and still be unencrypted. It appears that the “official” way will encrypt all free space too, effectively doing everything it can to make the drive secure, within the limits of the media.


2) Formatting an SD card as APFS encrypted shouldn’t adversely affect its performance. An SD card is already pretty slow. The CPU should have no problem staying ahead of the media while encrypting or decrypting. Using an SD card may make those apps slower than they could otherwise be.

Reply
User profile for user: BDAqua
BDAqua
User level: Level 10
245,177 points

Feb 1, 2019 12:37 PM in response to Nicolas Online

Hi Nick,


Format the target disk "Mac OS Extended (Journaled)" - but not encrypted.

Install macOS Sierra on the fresh, unencrypted disk.

Finally, turn on disk encryption (called FileVault). This can be done near the end of installing Sierra (it prompts you if you want encryption), or after the install is done. Either way is fine.



On #2, what is the R&W speeds of it? If there is a speed for constantly encrypting/decrypting diff I think an Encrypted Disk Image might solve that by only needing theb key when mounting it.

Reply

Disk Encryption Questions

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up