Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ivanwi11iams

Contributor
Original poster
Nov 30, 2014
4,507
3,066
Georgia, USA
Being secure is something we all think about nowadays.
With that being said, is FileVault worth it on a Mac Mini M1?

I just received a work MacBook Pro (my first, and transitioning from Windows). Thus, FileVault is active on the MBP.
Is it worth it to turn it on, on the Mac Mini M1?

OS is Monterey...
 
I guees it depends on how you intend to use the device but there is almost no reason I can think of for not wanting to use it. One cannot be too secure imho.
 
  • Like
Reactions: ivanwi11iams
Is it worth it to turn it on, on the Mac Mini M1?
Simple answer–turn it on. Let me quote from this:


"One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles."

When FileVault is off, the volume encryption key is stored in the Secure Enclave, outside of anyone's view, and when you log into the machine it begins decrypting all data transferred to and from the SSD. When you turn on FileVault, you are wrapping that volume encryption key with your account password, so if you forget your user password you can use your recovery keys to save your data. If FileVault is off and you can't log in because you forgot your password, nobody can recover data from the SSD.

So don't ask whether it's worth it. There is no downside to turning FileVault on.
 
  • Like
Reactions: ivanwi11iams
Simple answer–turn it on. Let me quote from this:


"One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles."

When FileVault is off, the volume encryption key is stored in the Secure Enclave, outside of anyone's view, and when you log into the machine it begins decrypting all data transferred to and from the SSD. When you turn on FileVault, you are wrapping that volume encryption key with your account password, so if you forget your user password you can use your recovery keys to save your data. If FileVault is off and you can't log in because you forgot your password, nobody can recover data from the SSD.

So don't ask whether it's worth it. There is no downside to turning FileVault on.
Thanks for the breakdown. For me, the fear was being new to macOS and turning on something like FileVault (it was on by default on the work MBP), I would accidentally lose access to my Mac Mini or it’s data…
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.