You can make a difference in the Apple Support Community!

When you sign up with your Apple ID, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: sfromgi
sfromgi Author
User level: Level 1
95 points

M1 mac, is filevault needed?

This article says that the M1 HW disk encryption is pointless, and that it can be trivially bypassed without password using the recovery "share disk". I.e. anyone who steals you mac can access all the data.


While I find this hard to believe, other people also say you need file vault to make M1 macs secure from thieves.


When I configured my M1 from scratch, I dont remember it asking anything about filevault. If it had I would have enabled it, as its pretty mandatory on older macs to guard against theft.


so the question is, can a thief easily access the M1 data if it has disk encryption alone, or do we need to also put filefault on top?


If the disk encryption is not bypassable (e.g. it needs your password to put it in the M1 equivalent of target mode, aka SMB share), then why would anyone use file vault as well?





MacBook Pro with Touch Bar

Posted on Mar 6, 2021 3:01 PM

Reply

Similar questions

4 replies
User profile for user: babowa
babowa
User level: Level 9
78,369 points

Mar 6, 2021 3:14 PM in response to sfromgi

And, a different opinion: unless you live in a neighborhood where break ins are "normal", I am hoping that my iMac does not have a high chance of being stolen as they'd have to get into our house first and then find it. It is also not as easy to carry as a laptop and they'd have to figure out all the cords, etc. So, sticking with that hopeful outlook, I've not used filevault. I've got a good login password and 2FA, so by the time the thieves are in my records/files, I will have had time to lock it and/or erase it. I've got bootable clones = I'll just need a replacement to clone the system to and I'll be back up running.

Reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
114,802 points

Mar 6, 2021 3:27 PM in response to sfromgi

While I find this hard to believe

What is hard to believe?

All Macs since about 2018 are encrypted with the T2 chip (or maybe something beyond that), but they are automatically decrypted when you boot up. The only thing that would protect from is if they pull out the drive.


If you need to secure it, turn on FileVault. That will require you to enter your login credentials to decrypt the drive.

Nothing about the encryption changes, just the way in which it is decrypted.

Reply

M1 mac, is filevault needed?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up