Apple Intelligence is now available on iPhone, iPad, and Mac!

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Secure Erase SSD / File Vault

Is all data on the Mac SSD unretrievable if I turn on FileVault and erase all data and macOS with macOS‘ built in erase option? Even if FileVault wasn‘t turned on in a previous „life“/ a previous user.

MacBook Air (M1, 2020)

Posted on Apr 20, 2023 12:36 PM

Reply
Question marked as Top-ranking reply

Posted on Apr 20, 2023 12:48 PM

If you simply turn on FileVault the data will become unretrievable without the passcode. No need to erase the drive.

When turned on, FV will encrypt the entire contents of the drive. This may take some time depending on the type – hdd, ssd – and capacity of the drive.


Please see: Encrypt Mac data with FileVault - Apple Support


4 replies
Question marked as Top-ranking reply

Apr 20, 2023 12:48 PM in response to MaxNATHL

If you simply turn on FileVault the data will become unretrievable without the passcode. No need to erase the drive.

When turned on, FV will encrypt the entire contents of the drive. This may take some time depending on the type – hdd, ssd – and capacity of the drive.


Please see: Encrypt Mac data with FileVault - Apple Support


Apr 20, 2023 1:21 PM in response to MaxNATHL

That is a good question.

I don't believe FV will encrypt what the OS considers to be unused space on the drive.


You probably know that files that have been deleted aren't actually removed from the drive, but their storage blocks are marked as unused/reusable. Over time, those blocks will be overwritten by other data, exactly why data retrieval becomes more difficult if a drive remains in continuous use. I believe FV ignores any data in this "unused" space.


As I understand it, FV encrypts OS accessible data currently indexed in the drive directories and new data as it gets written to the drive.



NOTE – when erasing a storage device, if available, click Security Options, use the slider to choose how many times to write over the erased data, then click OK. If this option is available, then there will be no data in need of encryption.


Secure erase options are available only for some types of storage devices. If the Security Options button is not available, Disk Utility cannot perform a secure erase on the storage device.


Writing over the data three times meets the U.S. Department of Energy standard for securely erasing magnetic media. Writing over the data seven times meets the U.S. DOD standard.


Apr 22, 2023 6:42 PM in response to MaxNATHL

With an SSD, all you need to do is a simple erase with Disk Utility. Due to how SSDs work, this is enough to destroy all data on the SSD (especially when Trim is enabled, which it is with an Apple OEM SSD). I've confirmed this is the case on an Apple OEM SSD. I've never verified how quickly a non-Apple SSD without TRIM enabled will become zeroed.


I'm not certain about how FileVault works, but I was under the impression the whole drive would be encrypted, otherwise it would make it easier to possibly compromise the system.


FYI, don't write zeroes to an SSD to erase it. This will not have the effect you would expect since SSDs work differently than mechanical spinning hard drives. Writing zeroes to an SSD will just cause undue wear to the SSD since SSDs have a limited number of times data can be written to each SSD block.


With 2018+ Mac with a T2 security chip or an Apple Silicon Mac, Filevault works differently as it only encrypts the hardware encryption keys by requiring another password to unlock the system. The data on a 2018+ Mac is always hardware encrypted and requires authentication to access.

Secure Erase SSD / File Vault

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.