Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

circatee

Contributor
Original poster
Nov 30, 2014
4,492
3,048
Georgia, USA
Being secure is something we all think about nowadays.
With that being said, is FileVault worth it on a Mac Mini M1?

I just received a work MacBook Pro (my first, and transitioning from Windows). Thus, FileVault is active on the MBP.
Is it worth it to turn it on, on the Mac Mini M1?

OS is Monterey...
 

Madhatter32

macrumors 65816
Apr 17, 2020
1,469
2,934
I guees it depends on how you intend to use the device but there is almost no reason I can think of for not wanting to use it. One cannot be too secure imho.
 
  • Like
Reactions: circatee

circatee

Contributor
Original poster
Nov 30, 2014
4,492
3,048
Georgia, USA
When you setup FileVault, and use iCloud as your option to recover, I take it the key isn’t shown/sent to you?
 

chabig

macrumors G4
Sep 6, 2002
11,432
9,288
Is it worth it to turn it on, on the Mac Mini M1?
Simple answer–turn it on. Let me quote from this:


"One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles."

When FileVault is off, the volume encryption key is stored in the Secure Enclave, outside of anyone's view, and when you log into the machine it begins decrypting all data transferred to and from the SSD. When you turn on FileVault, you are wrapping that volume encryption key with your account password, so if you forget your user password you can use your recovery keys to save your data. If FileVault is off and you can't log in because you forgot your password, nobody can recover data from the SSD.

So don't ask whether it's worth it. There is no downside to turning FileVault on.
 
  • Like
Reactions: circatee

circatee

Contributor
Original poster
Nov 30, 2014
4,492
3,048
Georgia, USA
Simple answer–turn it on. Let me quote from this:


"One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles."

When FileVault is off, the volume encryption key is stored in the Secure Enclave, outside of anyone's view, and when you log into the machine it begins decrypting all data transferred to and from the SSD. When you turn on FileVault, you are wrapping that volume encryption key with your account password, so if you forget your user password you can use your recovery keys to save your data. If FileVault is off and you can't log in because you forgot your password, nobody can recover data from the SSD.

So don't ask whether it's worth it. There is no downside to turning FileVault on.
Thanks for the breakdown. For me, the fear was being new to macOS and turning on something like FileVault (it was on by default on the work MBP), I would accidentally lose access to my Mac Mini or it’s data…
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.