Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

What's the point of FileVault?

Of the many recent changes and updates that Lion offers, FileVault has me a little baffled. What's the point of it? Does it allow me to encrypt my files and folders with a password? If so, I haven't seen that option yet. After turning on FileVault, Lion started the process of encrypting my files (so it says) but without the option to enable a password for folders and programs, I'm not sure I understand what purpose it serves.

Mac Pro, Mac OS X (10.6.8)

Posted on Feb 7, 2012 10:09 PM

Reply
47 replies

Sep 22, 2012 7:00 AM in response to MKatzenbach

FileVault very useful to some users. It encrypts your whole hard drive, so in the event your system is stolen then it is very unlikely someone can read the files on your disk. Without it, a thief can easily boot your system to Target Disk mode or even take out the hard drive and use another PC to read its contents.


It is an advanced level of security that is very beneficial, and does not have many of the drawbacks that the previous FileVault had. However, as is always the case be sure you keep a good and full backup of your system, regarldess of whether or not you use filevault.


Filevault will absolutely NOT brick your system as b j t claims. At the very most a problem would require you to format your hard drive and restore from backup or reinstall OS X, but provided you have a good backup this should not be an issue (regardless of how remote it actually is). It is very likely that BT's friend had another issue with his system.

Feb 7, 2012 10:38 PM in response to MKatzenbach

To emphasize, FileVault does not work on the level of individual files, and works underneath the OS so all files on the hard drive are automatically encrypted. The password unlocks the drive's decryption keys so the system can read its contents. Without these keys or the password to unlock them the drive's contents will be garbled.


Because of this requirement for a password, when FileVault is enabled you will not be able to set your system to automatically log in (the password is required to unlock the drive when starting up or restarting).

Feb 7, 2012 11:54 PM in response to boyfromoz

boyfromoz wrote:


Lose you password and computer is bricked with FileVault. Is what BT. Saying and is correct and folks here have done so. I no use for FileVault. Will slow system as well and interfere with upgrades.

This is what happened to the person I know. Now their computer a VERY expensive paper weight

Feb 8, 2012 12:01 AM in response to boyfromoz

Like I described, this is not true. You have the option to save the encryption keys somewhere safe, or even with Apple if you choose. Additionally, if you lose your password and the encryption keys and as a result cannot log in, you still have not bricked your system. It is either restorable from a backup if you have one, or at the very worst you can reinstall OS X.


FileVault 2 also will neither slow the system significantly nor interfere with upgrades. While this may have been the case with the first generation of the FileVault technology which used an encrypted disk image within OS X for the user's home folder, the new FileVault is transparent to the OS so unless upgrades have to do with the FileVault technology itself then the system will not be aware of it. Additionally, while there is a small performance hit because of the encryption overhead, the hit is fairly insignificant.


Here are some benchmarks showing in many cases a very small performance change, with the only major difference being in boot times. In some cases because of caching differences there is even an increase in performance: http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-encryption-faster-mac -os-x-lion/

Feb 8, 2012 12:24 AM in response to b j t

I've been considering FileVault for a long time but have always been scared to start using it because of (a) the performance hit - however small - mentioned above (b) the fear of losing my password.


This is balanced by the fear of having my MacBook Pro stolen while I'm out and about - and thereby, the possibility that anyone could then access the contents of my hard drive (by any of the methods described above by other posters).


So - can I hear it please from some actual users of File Vault? What's your experience? A few questions would be:


- Can I make a clone of my HD if FV is enabled, and boot from it?

- What happens with system upgrades, installing new applications etc.?

- Etc.

Feb 8, 2012 12:40 AM in response to Tom in London

I use FileVault on all of my systems, which include two MacBook Pro systems (one with dual hard drives), a Mac Mini, and an XServe, and have enabled it on numerous other Macs that colleagues have used, and also enable encryption on most of my external hard drives.


You can clone your encrypted drive, though you might have troubles doing block-level clones. Once the drive is unlocked and mounted the system treats it as any other drive, and you can use Carbon Copy Cloner or another cloning tool to file-level clone your drive. The problem with cloning Lion drives with file-level cloning is you will not copy the hidden Recovery HD partiton, but this hurdle is present regardless of whether or not you have FileVault 2 enabled. However, it only takes a few more steps to restore the Recovery HD partition when cloning or restoring your system from backup (it just takes remembering to do so, since cloning is not officially supported by Apple as a backup/recovery routine).


Installing new applications and managing documents is seamless, and is the same as if you install them on any other OS X system. The encryption happens underneath the OS, so OS X, documents, and applications you use are unaware of it and work as they would on any system.


Your concerns about losing the password are good ones, but if you already set your system to use the login window instead of automatic login then there is no difference (the regular use of the login window ensures you remember your password). The same password is used to unlock the drive and then log into your account once the system is booted. The difference with login is that you will need to specify the users who are able to unlock the drive (done in the FileVault system preferences). If a user is not, then the initial login window will not show that user account, and to get to that account another user will have to log in, and then log out so the unauthorized user can access his account.


In terms of performance problems, I've not seen any in my uses (primarily office and computational analysis with programs such as Igor Pro, Matlab); however, I use SSDs in my systems so this greatly increases overall performance and results will likely be different if you are using the slower classic HDD technology.

Feb 8, 2012 1:01 AM in response to Tom in London

While rare, the point that is most likely to give you problems (if any) is when you first enable FileVault and the system sets up the disk management system and encryption keys, and performs the encryption. In these steps the filesystem is more vulnerable to corruption from things like crashes or other mishaps, so do be sure to fully back up your system before enabling it, should something go awry (regardless of its low probability).

Feb 14, 2012 3:57 PM in response to Topher Kessler

May I pls confirm a couple of things with you...


1. CCC has recently enabled Lion Recovery HD cloning. Will Filevault still prevent this because the Recover partion is hidden.

2. I am assuming that the backup itself is not encrypted. In other words you will need to use a third party tool to encrypt the backup.

3. Since Filevault is mostly transparent, the passwords to the admin accounts enabled are still the primary barrier in accessing the information. ie. You do not need to enter the recovery key each time you log in. The benefit therefore only arises when a theif cannot crack the password and uses a peripheral to try and access the disk.


Thanks.

What's the point of FileVault?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.