
Leon1das

macrumors 6502
Dec 26, 2020
285
214
Hmmm.....even with Find My Mac on (and FileVault off), my Intel iMac still boots to Recovery without a password. Tried twice; FMM is definitely on.

@Leon1das was the advice from Apple Support to have either FV or FMM on, specific to M1 Macs, or all Macs? From my experience seems specific to M1 Macs.
Sorry - it could be M1 only, it's my first Mac. I will edit my comment / (Solved) above to reflect this.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,916
1,904
UK
So it looks like M1 Macs have made Recovery more secure than Intel Macs.

I think this statement is probably only true for Intel Macs which don't have T2 chips, though it may depend on the Startup Security Settings. M1 Macs have the similar security enclave on the M1 chip.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,916
1,904
UK
I think this statement is probably only true for Intel Macs which don't have T2 chips, though it may depend on the Startup Security Settings. M1 Macs have the similar security enclave on the M1 chip.
I am told by a friend with a T2 Mac that, even with max security setting in Startup Security, with no FV, with no Firmware password but with Find my Mac, it boots to Recovery with no password requirement.
 

Apple_Robert

Contributor
Sep 21, 2012
35,666
52,478
In a van down by the river
I am told by a friend with a T2 Mac that, even with max security setting in Startup Security, with no FV, with no Firmware password but with Find my Mac, it boots to Recovery with no password requirement.
I would not be happy with that at all. The computer should be secure with Find my turned on, in my opinion. Apple needs to change how Find My works. If a laptop is stolen and the owner doesn't know until hours or days after, the thief has plenty of time to access the computer, until the owner goes to Find My and locks the laptop.

 

chabig

macrumors G4
Sep 6, 2002
11,450
9,321
I am told by a friend with a T2 Mac that, even with max security setting in Startup Security, with no FV, with no Firmware password but with Find my Mac, it boots to Recovery with no password requirement.
This isn't surprising. Without FileVault, why wouldn't the machine boot without a password prompt?
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,916
1,904
UK
This isn't surprising. Without FileVault, why wouldn't the machine boot without a password prompt?
It seems inconsistent to require a password on normal boot, but not Recovery boot where a baddie can do mischief?
Why bother with a password for normal boot at all (except data much more accessible than a Recovery boot).
A machine is only as secure as its weakest link.
 

chabig

macrumors G4
Sep 6, 2002
11,450
9,321
It seems inconsistent to require a password on normal boot, but not Recovery boot where a baddie can do mischief?

With FileVault off, the machine will boot normally without a password. :oops: A password is necessary to log in, but it’ll boot just fine.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,916
1,904
UK
With FileVault off, the machine will boot normally without a password. :oops: A password is necessary to log in, but it’ll boot just fine.
Yes OK, it will boot as far as the login screen, but a bad person can't do any damage from the login screen, so that does not seem relevant.

My concern is only about the potential for mischief without a password.
 

chrfr

macrumors G5
Jul 11, 2009
13,709
7,279
It seems inconsistent to require a password on normal boot, but not Recovery boot where a baddie can do mischief?
Why bother with a password for normal boot at all (except data much more accessible than a Recovery boot).
A machine is only as secure as its weakest link.
This case is exactly what the firmware password is intended to prevent.
 
  • Like
Reactions: satcomer and chabig

Mike Boreham

macrumors 68040
Aug 10, 2006
3,916
1,904
UK
This case is exactly what the firmware password is intended to prevent.
Yes I understand that, and will probably do it on my Intel Mac shortly. I am just surprised that the default supply condition of no firmware password and Filevault off, is so vulnerable.

I don't have any stats of course, but I would expect a tiny percentage of the macs in the world have either Filevault or Firmware password enabled.

Obviously Apple have recognised this in M1 Macs.
 

chabig

macrumors G4
Sep 6, 2002
11,450
9,321
Yes I understand that, and will probably do it on my Intel Mac shortly. I am just surprised that default supply condition of no firmware password and Filevault off, is so vulnerable.

I don't have any stats of course, but I would expect a tiny percentage of the macs in the world have either Filevault or Firmware password enabled.
When the machine is set up, it encourages the user to turn on FileVault.
 

Mike Boreham

macrumors 68040
Aug 10, 2006
3,916
1,904
UK
If you think that’s a concern, turn on FileVault. Otherwise it’s hard to take your concern seriously.

My concern is not just for me. As I said I intend to take action (Firmware or FileVault). I hadn't realised pre M1 Macs were so vulnerable in Recovery.

Fair point that FileVault is encouraged at set up. I wonder how many do.
 
  • Like
Reactions: Brian33

Leon1das

macrumors 6502
Dec 26, 2020
285
214
If you think that’s a concern, turn on FileVault. Otherwise it’s hard to take your concern seriously.

Sounding too harsh in the arguments for a balanced discussion like this.
We are exploring the facts without telling others what to do.

No one is questioning that FileVault on gives best protection - but its performance on some older machines is questionable.

If you read prev comments - there was a post of screenshot (FileVault on Big Sur - as latest OS) with saying that even with FileVault off - user will still be prompted for the password to access Recovery.
Obviously - this is a bug.
80% of users who never go to Recovery will think that they are still safe...

For ex-Windows users who moved to M1 Macs - they would presume that system data is safe from access even without FileVault (Windows: BitLocker) if there is Recovery password (Windows: BIOS password with disabled USB booting).
I did presume - but on M1 Mac it was not.

On M1 Mac - Find my Mac is alternative security to get Recovery password.
But it was disabled by me: my iCloud is off (and Find my Mac needs it) + it requires wake on network + if someone steals my Mac - I am less worried on hardware loss, but instead access to my work files.

We are here to learn something - and not play smart.

I reported this to Apple for filing a bug.
 
  • Like
Reactions: hobowankenobi

PeterWooster

macrumors newbie
Mar 14, 2021
2
1
FileVault=NO.

My new M1 Mini encouraged me to turn on FV, I did. After being unable to login after the first restart, I just wasted half a day googling, then I turned FV off. My Logitech MXKeys keyboard isn't recognized as a login device, after login it works perfectly. Of course my crappy little Magic Keyboard somehow gets around this.
 
  • Like
Reactions: cool11

littlej2

macrumors newbie
Apr 26, 2018
20
10
I'm curious as to how many people use FileVault and if it's really necessary on Macs with SSDs, T2 chips and auto-login disabled. I guess my question is, if you are set up to always require a password for login and you don't have a platter HDD that could be removed if stolen and accessed, is FileVault really necessary? I do encrypt my Time Machine backups on external drives and clearly understand the reason for doing so. But with the T2 chip, if someone stole the Mac and removed the SSD, could they get data from it? This may be a trivial question for the experts here, but I appreciate anyone's thoughts.
I have an M1 Mac with the T2 HW encryption, but without FileVault. When I set up the Mac, there was no prompt or option to enable FileVault. If you read the Apple security information, it leads you to believe that you don't need FileVault. This is incredibly dangerous misinformation from Apple. To access the contents of the SSD on an M1 Mac with HW SSD encryption, simply start the Mac in recovery mode, select share disk, connect any other machine to the Mac with a cable, and the second machine has full access to the files without any password or authentication. I could not believe this, so tried it myself and it's true. So by default, Apple have no protection from someone stealing your Mac, then stealing everything on the Mac unless you enable FileVault. See https://blog.kolide.com/modern-macs-still-need-filevault-d5e2f55c083b
 
  • Like
Reactions: Brian33
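A way to check, on a given Mac, the two settings this thread keeps returning to (FileVault and, on Intel Macs, the firmware password). This is an added example, not code from any poster; the verdict labels are hypothetical names chosen here, and the sample outputs in the fallback branch are constructed.

```shell
#!/bin/sh
# Added example: classify exposure from the two settings debated in this thread.
# Inputs are the text printed by `fdesetup status` and `firmwarepasswd -check`
# (the firmware password applies to Intel Macs only).

filevault_state() {            # $1 = output of `fdesetup status`
  case "$1" in
    *"FileVault is On"*)  echo on ;;
    *"FileVault is Off"*) echo off ;;
    *)                    echo unknown ;;
  esac
}

firmware_state() {             # $1 = output of `firmwarepasswd -check`
  case "$1" in
    *"Password Enabled: Yes"*) echo on ;;
    *"Password Enabled: No"*)  echo off ;;
    *)                         echo unknown ;;
  esac
}

# Verdict labels are this example's own (hypothetical) names.
recovery_exposure() {          # $1 = fdesetup output, $2 = firmwarepasswd output
  fv=$(filevault_state "$1")
  fw=$(firmware_state "$2")
  case "$fv/$fw" in
    on/*)    echo encrypted ;;        # volume needs a user password to unlock
    off/on)  echo recovery-gated ;;   # alternate boot modes ask for the firmware password
    off/off) echo exposed ;;          # the default condition described in the thread
    *)       echo unknown ;;          # e.g. tool missing or not run as root
  esac
}

if command -v fdesetup >/dev/null 2>&1; then
  # On a Mac: read the live settings (firmwarepasswd needs root).
  fv_out=$(fdesetup status 2>/dev/null || true)
  fw_out=$(sudo -n firmwarepasswd -check 2>/dev/null || true)
  echo "this Mac: $(recovery_exposure "$fv_out" "$fw_out")"
else
  # Elsewhere: constructed sample outputs, not captured from a real machine.
  echo "sample: $(recovery_exposure 'FileVault is Off.' 'Password Enabled: No')"
fi
```

On Apple silicon there is no firmware password tool, so with FileVault off the result is `unknown` rather than a guess.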

McScooby

macrumors 65816
Oct 15, 2005
1,275
819
The Paps of Glenn Close, Scotland.
Don't know if it's relevant with the 'modern' T2 Macs, but one issue that's forced me to keep it turned off is you can't safe boot a Mac with FV turned on. I had issues with a display link driver that borked my system, hours on my own trying to sort it, hours with AppleCare & then eventually a trip to the Apple Store for something that should've been simple to sort.
 
  • Like
Reactions: Brian33

McScooby

macrumors 65816
Oct 15, 2005
1,275
819
The Paps of Glenn Close, Scotland.
I have an M1 Mac with the T2 HW encryption, but without FileVault. When I set up the Mac, there was no prompt or option to enable FileVault. If you read the Apple security information, it leads you to believe that you don't need FileVault. This is incredibly dangerous misinformation from Apple. To access the contents of the SSD on an M1 Mac with HW SSD encryption, simply start the Mac in recovery mode, select share disk, connect any other machine to the Mac with a cable, and the second machine has full access to the files without any password or authentication. I could not believe this, so tried it myself and it's true. So by default, Apple have no protection from someone stealing your Mac, then stealing everything on the Mac unless you enable FileVault. See https://blog.kolide.com/modern-macs-still-need-filevault-d5e2f55c083b
Can't say I'm surprised based on past form, is the firewall still off by default on new macs or have they sorted that out yet?
 

Apple_Robert

Contributor
Sep 21, 2012
35,666
52,478
In a van down by the river
I have an M1 Mac with the T2 HW encryption, but without FileVault. When I set up the Mac, there was no prompt or option to enable FileVault. If you read the Apple security information, it leads you to believe that you don't need FileVault. This is incredibly dangerous misinformation from Apple. To access the contents of the SSD on an M1 Mac with HW SSD encryption, simply start the Mac in recovery mode, select share disk, connect any other machine to the Mac with a cable, and the second machine has full access to the files without any password or authentication. I could not believe this, so tried it myself and it's true. So by default, Apple have no protection from someone stealing your Mac, then stealing everything on the Mac unless you enable FileVault. See https://blog.kolide.com/modern-macs-still-need-filevault-d5e2f55c083b
When you first set up your Mac, you are given the option to turn on FileVault. With the M1 Mac, FileVault is turned on by default (if you sign in to your ID account), unless one purposefully unticks the FileVault box.
 

Brian33

macrumors 65816
Apr 30, 2008
1,472
372
USA (Virginia)
When you first set up your Mac, you are given the option to turn on FileVault. With the M1 Mac, FileVault is turned on by default, unless one purposefully unticks the FileVault box.
According to the linked article (https://blog.kolide.com/modern-macs-still-need-filevault-d5e2f55c083b), on an M1 MacBook, FileVault is only "on by default" if you elect to sign into iCloud during setup. Interesting. That sure seems odd to me! (I can't verify as I don't have one yet.)
 

Apple_Robert

Contributor
Sep 21, 2012
35,666
52,478
In a van down by the river
According to the linked article (https://blog.kolide.com/modern-macs-still-need-filevault-d5e2f55c083b), on an M1 MacBook, FileVault is only "on by default" if you elect to sign into iCloud during setup. Interesting. That sure seems odd to me! (I can't verify as I don't have one yet.)
Yes, my post assumes one signs in with iCloud. I will amend my post for clarity. I have an M1 MBA and can verify that if you sign in with Apple ID during set up, it automatically turns on FileVault unless you untick the option box.
 