How exactly does FileVault work?

[Ambrosia7177]

Stepping back for a moment, here are some basic questions about the above mentioned paper and slides...

*******
https://www.cl.cam.ac.uk/~osc22/docs/slides_fv2_ifip_2013.pdfSlide 17

Q1.) What exactly is a GPT header and what does it do?

Q2.) Are Core Storage and HFS Plus "volumes"?

Q2b.) Are there any other "volumes" on a Mac hard-drive?


*******
https://eprint.iacr.org/2012/374.pdf
Page 8
3.6 Full disk encryption and decryption

Now that we have presented the building blocks of FileVault 2 we can describe the entire volume decryption process, as depicted in figure 8. Firstly we need to decrypt the EncryptedRoot.plist file using the key from the volume header.

My understanding is that FileVault2 uses two AES keys:
key1 - volume key
key2 - tweak key

On Slide 17 of https://www.cl.cam.ac.uk/~osc22/docs/slides_fv2_ifip_2013.pdf, it looks like "AES Key 1" is involved...

Q3.) Which "key" is the author talking about? Volume key? Tweak key? Other?

Q4.) Also, if the CoreStorage volume is completely encrypted, then how can AES Key1 be read?

Q5.) And if the AES Key1 is *not* encrypted on the CoreStorage volume header, then doesn't the defeat the purpose of having a key in the first place? (I assume all keys should be private.)


Hopefully those questions make sense...

 

[avz]

Hi,
I am wondering if formatting the drive as APFS encrypted before a clean install is equals turning on the FileVault?

 

[Weaselboy]

Hi,
I am wondering if formatting the drive as APFS encrypted before a clean install is equals turning on the FileVault?

The formatting part is the same, but the end result won't be the same. When you turn on FV in the GUI from System Preferences it sets up a recovery key and changes the way the system boots to boot from the recovery partition. Then from that recovery partition boot screen you are shown a password entry screen that then unlocks the encrypted drive and boots to the OS. If you just format the drive to encrypted first, then install the OS, this boot process won't be configured properly.

 

[NoBoMac]

Unfortunately, these papers and presentations target audiences are computer scientists, security experts.

Q1.) What exactly is a GPT header and what does it do?

Q2.) Are Core Storage and HFS Plus "volumes"?

Q2b.) Are there any other "volumes" on a Mac hard-drive?

My understanding is that FileVault2 uses two AES keys:
key1 - volume key
key2 - tweak key

Q4.) Also, if the CoreStorage volume is completely encrypted, then how can AES Key1 be read?

Q5.) And if the AES Key1 is *not* encrypted on the CoreStorage volume header, then doesn't the defeat the purpose of having a key in the first place? (I assume all keys should be private.)

Hate to be a broken record, but, posts #4 and #11 spell it out in a simple way for Q4 and Q5: the volume encryption key is encrypted, and the weak point is if you have a poorly chosen password (read: short, can be cracked via dictionary cracks [eg. "steelcatburritowallawalla" is not really strong this day and age vs dictionary cracks]).

https://arstechnica.com/information...ckers-make-minced-meat-out-of-your-passwords/

But sprinkled among the overused and easily cracked passcodes in the leaked list are some that many readers might assume are relatively secure. ":LOL1313le" is in there, as are "Coneyisland9/," "momof3g8kids," "1368555av," "n3xtb1gth1ng," "qeadzcwrsfxv1331," "m27bufford," "J21.redskin," "Garrett1993*," and "Oscar+emmy2."

The other variable was the account holders' decision to use memorable words. The characteristics that made "momof3g8kids" and "Oscar+emmy2" easy to remember are precisely the things that allowed them to be cracked. Their basic components—"mom," "kids," "oscar," "emmy," and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations.

Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.

Q1: GUID Partition Table. Basically, the format of the drive itself. https://en.wikipedia.org/wiki/GUID_Partition_Table

Q2: No, they are formats for volumes.

Q2b: yes, can be other volumes, depending on how one formats the drive, what version of OS in use, if Bootcamp installed, etc.

Re: tweak key: it's a bit complicated, but, in essence, it's derived based on where the block of data resides on the disk, and gets tweaked as the encryption process goes:

For each data block to be encrypted the algorithm expects two keys named key1 and key2 (also known as the tweak key), which can be either 128 or 256 bits long, and a 128-bit tweak value i which is usually derived from the block offset. The input data block is partitioned by the algorithm into 128-bit units (the last unit can have less than 128 bits). Each of these data units is assigned a sequential number j starting from 0, and is encrypted as follows: first the tweak value is converted to little endian and encrypted under key2 using AES in ECB mode (this only needs to be done once per data block), then each byte of the encrypted tweak value is left shifted by j bits

If worried about losing the computer to simple theft, FileVault will prevent common thieves and whoever buys hot Macs. Other things to worry about when machine is booted up: vulnerable software, OS, router, poorly designed anti-virus/firewall, man-in-the-middle attacks, etc.

If worried about three-letter organizations, unless you have a truly strong password, not going to stop them.

 

[sgtaylor5]

I setup FileVault the other day on my Mojave-based late 2013 MBP from the System Preferences Security panel. I also setup an EFI password in Recovery. Edit: my MBP is very mobile; it goes with me everywhere and has my company's info in it.

From a cold boot or a reboot, I do not get any special prompts to fill in, save the normal login screen password prompt.

Did I do anything wrong? The only difference I can see is FV is "on" on Security, and my filesystem is now "APFS (Journaled, Encrypted)". Edit 2: The encryption process with 48 GB used took 15 minutes.

 

[NoBoMac]

Sounds like OK. There really isn't a special prompt, especially with Mojave and later (can't speak to anything between El Cap and Mojave). Will see a normal login screen. Earlier versions you had a plain gray screen with the account(s) showing that can unlock the drive.

Encryption on SSDs go quick, and APFS encrypts only the blocks in use (and on the fly when needed for new blocks) vs full disk, so 15min does not sound "wrong".

You can do a "diskutil apfs list" from a Terminal. Should see under your "Macintosh HD" "FileVault: Yes (Unlocked)".

For example, on Catalina, would see something like this:

    |    APFS Volume Disk (Role):   disk1s1 (Data)
    |   Name:                      Macintosh HD - Data (Case-insensitive)
    |   Mount Point:               /System/Volumes/Data
    |   Capacity Consumed:         138447937536 B (138.4 GB)
    |   FileVault:                 Yes (Unlocked)

 

[sgtaylor5]

Sounds like OK. There really isn't a special prompt, especially with Mojave and later (can't speak to anything between El Cap and Mojave). Will see a normal login screen. Earlier versions you had a plain gray screen with the account(s) showing that can unlock the drive.

Encryption on SSDs go quick, and APFS encrypts only the blocks in use (and on the fly when needed for new blocks) vs full disk, so 15min does not sound "wrong".

You can do a "diskutil apfs list" from a Terminal. Should see under your "Macintosh HD" "FileVault: Yes (Unlocked)".

For example, on Catalina, would see something like this:

    |    APFS Volume Disk (Role):   disk1s1 (Data)
    |   Name:                      Macintosh HD - Data (Case-insensitive)
    |   Mount Point:               /System/Volumes/Data
    |   Capacity Consumed:         138447937536 B (138.4 GB)
    |   FileVault:                 Yes (Unlocked)

OK, I see. That's what I have. Thank you for the information.

Oh, that's fascinating - /private/var/vm is in its own volume [in disk1s4 (VM)]. I almost wanted to say "partition", but this is APFS, so...

 

[NoBoMac]

I almost wanted to say "partition", but this is APFS, so...

Technically, if I recall, no matter file system, there's a physical volume and that gets partitioned.

That said, unless dealing with someone overly pendactic, pretty interchangeable for mere mortals.

 

[sgtaylor5]

Because I was thinking: APFS containers can have volumes that can dynamically adjust their sizes as needs demand. If you have to add an HFS+ volume onto the physical disk, it has to be a hard partition outside of the APFS container.

I wanted to keep ideas straight in my mind.