Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Anybody else enabled FileVault?
- Thread starter konradsa
- Start date
- Sort by reaction score
Thanks Weaselboy!
One question though. I just tried it with a small SSD, and it worked in the sense that the format is now Mac OS journaled and encrypted, but the drive automatically mounts on my desktop during login.
I thought it would ask me for the password. Anyway I could make that happen?
Loa
One question though. I just tried it with a small SSD, and it worked in the sense that the format is now Mac OS journaled and encrypted, but the drive automatically mounts on my desktop during login.
I thought it would ask me for the password. Anyway I could make that happen?
Loa
Last edited:
I leave my MBP running most of the time. I had had FileVault 2 running and turned it off a week ago to test something, and decided to keep it off since it wasn't doing me much good with it running most of the time.
Last night, 556fmjoe brought to my attention, that it is possible to still make use of FileVault 2 with the Mac running, by issuing a terminal command that kills the encryption key in RAM, when the screen saver (via hot corner) is initiated. Doing this serves my needs and Mac habits much better, than relying on my MBP being off to take advantage of FileVault. I turned FileVault back on and used the following command. Now, I use the hot corner to put my display to sleep immediately when need be. Encryption is now in force, until it is unlocked again by the password.
http://www.cnet.com/news/prevent-os-x-filevault-keys-from-being-stored-in-standby-mode/
"Change the 1 to a 0 to revert the setting to its default. This will force you to enter your Filevault password when you wake it up as the encryption keys will not be in RAM and will need to be recreated."
I posted this in case others have the same or similar concerns or needs as I do.
Last night, 556fmjoe brought to my attention, that it is possible to still make use of FileVault 2 with the Mac running, by issuing a terminal command that kills the encryption key in RAM, when the screen saver (via hot corner) is initiated. Doing this serves my needs and Mac habits much better, than relying on my MBP being off to take advantage of FileVault. I turned FileVault back on and used the following command. Now, I use the hot corner to put my display to sleep immediately when need be. Encryption is now in force, until it is unlocked again by the password.
http://www.cnet.com/news/prevent-os-x-filevault-keys-from-being-stored-in-standby-mode/
"Change the 1 to a 0 to revert the setting to its default. This will force you to enter your Filevault password when you wake it up as the encryption keys will not be in RAM and will need to be recreated."
I posted this in case others have the same or similar concerns or needs as I do.
Hello,
I checked the keychain, and it's not there. But while the system remembers the password after a log out, it forgets it after a restart.
It seemed to make more sense to ask for it every time you want to mount it...
I may need to use the terminal method.
Loa
I checked the keychain, and it's not there. But while the system remembers the password after a log out, it forgets it after a restart.
It seemed to make more sense to ask for it every time you want to mount it...
I may need to use the terminal method.
Loa
For those who have no generated password during set-up and are stuck on pause this might explain the problem.
When I first turned on my brand new rMBP I was given the following options at start-up.
'1) Allow my iCloud account to unlock my disk
2) Create a recovery key and do not use my iCloud account'
I must have ticked no 2 and then I noticed a few days later that the encryption was paused and just hanging there before completion.
If you encrypt your disc you need a generated password to decrypt it again should you need to. Option 1 should give you the code in iCloud. However I never saw or was given a code during set-up after I clicked option 2. This is the reason why I believe the encryption just hung, I*had NO generated password.
Apple tech support said I needed to erase the disc and do a complete OS X reinstall (a pain) When I came to the same options at start-up, I just ticked I'll do it later. After I was finished I went into 'Security and Privacy' and then chose the encryption function. It then generated a new password which I noted, and the disc encrypted perfectly.
When I first turned on my brand new rMBP I was given the following options at start-up.
'1) Allow my iCloud account to unlock my disk
2) Create a recovery key and do not use my iCloud account'
I must have ticked no 2 and then I noticed a few days later that the encryption was paused and just hanging there before completion.
If you encrypt your disc you need a generated password to decrypt it again should you need to. Option 1 should give you the code in iCloud. However I never saw or was given a code during set-up after I clicked option 2. This is the reason why I believe the encryption just hung, I*had NO generated password.
Apple tech support said I needed to erase the disc and do a complete OS X reinstall (a pain) When I came to the same options at start-up, I just ticked I'll do it later. After I was finished I went into 'Security and Privacy' and then chose the encryption function. It then generated a new password which I noted, and the disc encrypted perfectly.
I have a related question:
some minutes a go I install Yosemite ( a fresh install ) so over the installing process I check the option for filevault enabled https://derflounder.files.wordpress.com/2014/10/yosemite_filevault_setup_assistant.png
so now I go to filevault http://cdn.hightechdad.netdna-cdn.com/wp-content/uploads/2014/10/HTD-Disable-FileVault.png
but I DONT HAVE ANY SECURITY KEY, yosemite installation never give a security key, ok it seems that I can access with apple id but! where's my security key?
thanks
If you go with the default install setup, it doesn't give you a security key to unlock your drive. Your Apple ID is your only key. I think a key should be issued during setup.
yes! setup install dont give me anything... so bad.
1. so what happen if I know turn off filevault and turn on again? now give me something?
2. but well my MAIN BIG QUESTION about filevault is:
what happen if my computer crash forever BUT not the SSD inside... so I can eject the SSD put in dock and access to my info from another computer?
As to point one, you can turn it on (again) in Preferences > Security. It should issue a key.
As to point two, as long as you know the encrypted key for the FileVault2 SSD, you will still have access to the files. If you have no need of the files after the fact, you can simply erase the SSD in Disk Utility for later use. Erasing the SSD removes the key and encryption.
thank you, the only confusing thing is how can access to my disk from another computer in a enclosure by example why my apple id, damn really why the install dont give me a key!
so is healthy put OFF and later put ON again just for get a key?
thanks
The answer to your question depends on several factors.
If you have sensitive information stored on your Mac, whether from the job and or personal use, it would be a good idea to enable FileVault2 when you can, even if the Mac never leaves your home. Theft can happen, as well as someone in your home trying to look at things on your Mac they are not authorized to.
yes I work in home etc... I want use filevault2 but again well if mac crash and I eject the ssd to see my info I dont understand how can see it with the ssd in a enclousure... if only have the apple id...
by the way of course I also have a backup of my ssd...
yes I work in home etc... I want use filevault2 but again well if mac crash and I eject the ssd to see my info I dont understand how can see it with the ssd in a enclousure... if only have the apple id...
by the way of course I also have a backup of my ssd...
You can put the SSD in an enclosure, and then connect it to your Mac whenever you want to use it. When you double-click on the drive in Finder, it will ask you for the password (key) to access the drive. Input the password and you should have full access to the SSD. It really isn't any different than attaching any other external drive to your Mac for use.
ok that password (key) that you say is the password key of my computer? or is the password key (THAT APPLE DONT GIVE ME IN THE INSTALLATION)?
thanks again!
For anyone who installed Yosemite with the default settings, the Apple ID password used at the time of install will be the one to unlock the drive.
If you change your Apple ID password (on Apple site) after the fact, you will need to use the same password used to set up FileVault 2, not the newly created Apple ID password.
No, it won't use more space. It will just put a special code on the drive, that cannot be unlocked without the key.
Hello, I am currently debating the usefulness of FileVault for my situation. Like you, I keep my MBA running all the time. If it's stolen from my home, it would most likely be running at the time.
I read what you said, but I am curious about it because I thought that OSX can require a password when coming out of standby or screen saver without running that line of code you posted.
So I am a bit confused.
Hello, I am currently debating the usefulness of FileVault for my situation. Like you, I keep my MBA running all the time. If it's stolen from my home, it would most likely be running at the time.
I read what you said, but I am curious about it because I thought that OSX can require a password when coming out of standby or screen saver without running that line of code you posted.
So I am a bit confused.
You are right in that a password is required when coming out of standby etc. The difference with what I said, is that your drive is still encrypted during the screen saver mode etc., whereas with the method you mentioned it isn't, even though you have FileVault 2 enabled.
I see. That seems like a flaw. I would think a lot of people leave their computers on 24/7. I would think Apple would have something to protect them set by default. It seems like you could just grab a laptop out of someone's home and not have to worry about FileVault encryption if it is powered on.
I agree that Apple should have addressed the issue in this area. Since they didn't, it leaves the computer vulnerable so long as it is running in standard mode as described.
How did you manage to turn off the name of your account at startup? If I turn my computer off and on it still says my user account name when I need to select the user during startup.
Last edited: