Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Scotch_Brawth
Scotch_Brawth Author
User level: Level 3
825 points

"pmset -g destroyfvkeyonstandby" not working?

Hi,


So I read about this setting recently and implemented it on my MacBook Pro:

destroyfvkeyonstandby - Destroy File Vault Key when going to standby

mode. By default File vault keys are retained even when system goes to

standby. If the keys are destroyed, user will be prompted to enter the

password while coming out of standby mode.(value: 1 - Destroy, 0 -

Retain)

Running pmset -g reveals this is now correctly set to "1". However, when waking on sleep I'm only prompted for my user login password, not the FV2 password. I rebooted the machine but this didn't change anything. My only conclusion is that I'm misunderstanding the meaning of, "standby mode". Can anyone shed any light on this?

MacBook Pro (15-inch Early 2011), OS X Mountain Lion (10.8.2), 120GB SSD, 4GB RAM

Posted on Sep 30, 2013 1:16 PM

Reply
3 replies
User profile for user: 13th
13th
User level: Level 1
10 points

Oct 9, 2013 10:39 AM in response to Scotch_Brawth

To make full use of this feature you would also need to instruct your MacBook Pro to hibernate (standby) and remove power from the RAM. Hibernate mode 25 instead of hibernate mode 3 would be the appropriate configuration. It will be a longer wake and sleep but more secure.


The full command to set this up would be:


sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25


hibernatemode = 3 (binary 0011) by default on supported portables. The system will store a copy of memory to persistent storage (the disk), and will power memory during sleep. The system will wake from memory, unless a power loss forces it to restore from disk image.


hibernatemode = 25 (binary 0001 1001) is only settable via pmset. The system will store a copy of memory to persistent storage (the disk), and will remove power to memory. The system will restore from disk image. If you want "hibernation" - slower sleeps, slower wakes, and better battery life, you should use this setting.


destroyfvkeyonstandby - Destroy File Vault Key when going to standby mode. By default File vault keys are retained even when system goes to standby. If the keys are destroyed, user will be prompted to enter the password while coming out of standby mode.(value: 1 - Destroy, 0 - Retain)

Reply

"pmset -g destroyfvkeyonstandby" not working?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up