You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

M1 mac, is filevault needed?

This article says that the M1 HW disk encryption is pointless, and that it can be trivially bypassed without password using the recovery "share disk". I.e. anyone who steals you mac can access all the data.


While I find this hard to believe, other people also say you need file vault to make M1 macs secure from thieves.


When I configured my M1 from scratch, I dont remember it asking anything about filevault. If it had I would have enabled it, as its pretty mandatory on older macs to guard against theft.


so the question is, can a thief easily access the M1 data if it has disk encryption alone, or do we need to also put filefault on top?


If the disk encryption is not bypassable (e.g. it needs your password to put it in the M1 equivalent of target mode, aka SMB share), then why would anyone use file vault as well?





MacBook Pro with Touch Bar

Posted on Mar 6, 2021 3:01 PM

Reply
4 replies

Mar 6, 2021 3:14 PM in response to sfromgi

And, a different opinion: unless you live in a neighborhood where break ins are "normal", I am hoping that my iMac does not have a high chance of being stolen as they'd have to get into our house first and then find it. It is also not as easy to carry as a laptop and they'd have to figure out all the cords, etc. So, sticking with that hopeful outlook, I've not used filevault. I've got a good login password and 2FA, so by the time the thieves are in my records/files, I will have had time to lock it and/or erase it. I've got bootable clones = I'll just need a replacement to clone the system to and I'll be back up running.

Mar 6, 2021 3:27 PM in response to sfromgi

While I find this hard to believe

What is hard to believe?

All Macs since about 2018 are encrypted with the T2 chip (or maybe something beyond that), but they are automatically decrypted when you boot up. The only thing that would protect from is if they pull out the drive.


If you need to secure it, turn on FileVault. That will require you to enter your login credentials to decrypt the drive.

Nothing about the encryption changes, just the way in which it is decrypted.

M1 mac, is filevault needed?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.