Filevault

circatee · Jul 23, 2022

Being secure is something we all think about nowadays.
With that being said, is FileVault worth it on a Mac Mini M1?

I just received a work MacBook Pro (my first, and transitioning from Windows). Thus, FileVault is active on the MBP.
Is it worth it to turn it on, on the Mac Mini M1?

OS is Monterey...

Madhatter32 · Jul 23, 2022

I guees it depends on how you intend to use the device but there is almost no reason I can think of for not wanting to use it. One cannot be too secure imho.

circatee · Jul 23, 2022

When you setup FileVault, and use iCloud as your option to recover, I take it the key isn’t shown/sent to you?

Apple_Robert · Jul 23, 2022

circatee said:
When you setup FileVault, and use iCloud as your option to recover, I take it the key isn’t shown/sent to you?

Correct.

chabig · Jul 23, 2022

circatee said:
Is it worth it to turn it on, on the Mac Mini M1?

Simple answer–turn it on. Let me quote from this:

Explainer: FileVault

On T2 and M1 Macs, FileVault provides robust protection of the Data volume on internal storage without any performance penalty.

eclecticlight.co

"One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles."

When FileVault is off, the volume encryption key is stored in the Secure Enclave, outside of anyone's view, and when you log into the machine it begins decrypting all data transferred to and from the SSD. When you turn on FileVault, you are wrapping that volume encryption key with your account password, so if you forget your user password you can use your recovery keys to save your data. If FileVault is off and you can't log in because you forgot your password, nobody can recover data from the SSD.

So don't ask whether it's worth it. There is no downside to turning FileVault on.

circatee · Jul 23, 2022

Apple_Robert said:
Correct.

Much appreciated…!

circatee · Jul 23, 2022

chabig said:
Simple answer–turn it on. Let me quote from this:

Explainer: FileVault

On T2 and M1 Macs, FileVault provides robust protection of the Data volume on internal storage without any performance penalty.

eclecticlight.co

"One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles."

When FileVault is off, the volume encryption key is stored in the Secure Enclave, outside of anyone's view, and when you log into the machine it begins decrypting all data transferred to and from the SSD. When you turn on FileVault, you are wrapping that volume encryption key with your account password, so if you forget your user password you can use your recovery keys to save your data. If FileVault is off and you can't log in because you forgot your password, nobody can recover data from the SSD.

So don't ask whether it's worth it. There is no downside to turning FileVault on.

Thanks for the breakdown. For me, the fear was being new to macOS and turning on something like FileVault (it was on by default on the work MBP), I would accidentally lose access to my Mac Mini or it’s data…

Search

Search

Filevault

circatee

Contributor

Madhatter32

macrumors 65816

circatee

Contributor

Apple_Robert

Contributor

chabig

macrumors G4

Explainer: FileVault

circatee

Contributor

circatee

Contributor

Explainer: FileVault

Our Staff