Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

jiangning

macrumors member
Original poster
Jan 29, 2010
48
18
I noticed my new 2018 MBP turned on Filevault by default. Out of curiosity, I turned it off and on again. Unlike previous experience, both processes were instant, no need to wait hours.

I'm a bit doubtful on whether Filevault is actually turned on given zero encryption time? Does the instant encryption has something to do with T2 chip?
 
The short answer is that it is the result of a combination of ultra fast SSD, some features of APFS designed around encryption, and that one of the functions of the T2 chip is handling encryption in the background instead of the main CPU doing it - so you don’t feel any performance penalty for encrypt/decrypt tasks.
 
  • Like
Reactions: afir93 and maflynn
Might find this support doc of interest:
https://support.apple.com/en-us/HT208344

What I find interesting from it is this line:
Though the SSD in computers that have the Apple T2 chip is encrypted, you should turn on FileVault so that your Mac requires a password to decrypt your data.

From that I get the impression all SSDs with the T2 chip are automatically encrypted, so technically turning FileVault on or off does not really change the fact the drive is encrypted (it always is). Only reason to turn it on, apparently, is to activate a password.
 
Last edited:
  • Like
Reactions: adrianlondon
I think the best way I have heard it described is that it operates like current iDevices do. The storage is always encrypted, if you set a passcode the main volume will not be decrypted until it is entered, so you are effectively keeping the OS from accessing the key, or keys really, that are stored in the Secure Enclave until you enter your passcode on your iDevice. The new MacBook Pro, and I believe the iMac Pro, operate the same. The drives are always encrypted, turning on FileVault just password protects the decryption key. No decryption will happen until the password is entered.

This too is probably oversimplification, my guess is that there are multiple parts of the drive that are encrypted in different ways. Much like the iDevices. Some parts are decrypted automatically, like the boot partition, other parts can be held up by not having entered the passcode. Either way, the FileVault on the 2018 MacBook Pro is happening instantly because the drives aren't being encrypted or decrypted. You are password protecting the decryption key, and removing that protection with the checkbox.
 
I noticed my new 2018 MBP turned on Filevault by default. Out of curiosity, I turned it off and on again. Unlike previous experience, both processes were instant, no need to wait hours.

I'm a bit doubtful on whether Filevault is actually turned on given zero encryption time? Does the instant encryption has something to do with T2 chip?
I noticed the same thing with mine when I turned on FV. I was waiting for a reboot and the long encryption process like I have seen on older MBPs... and it did not happen and was pretty much instant like you said.

I even turned FV off then back on just to test, and it did the same thing. If you run diskutil list and diskutil cs list in Terminal you can see that the volume is encrypted though, so it seems to be working.
 
I noticed the same thing with mine when I turned on FV. I was waiting for a reboot and the long encryption process like I have seen on older MBPs... and it did not happen and was pretty much instant like you said.

I even turned FV off then back on just to test, and it did the same thing. If you run diskutil list and diskutil cs list in Terminal you can see that the volume is encrypted though, so it seems to be working.

So it still takes a good bit of time but now does it in the background?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.