Daniel Hruska As mentioned on Apple's homepage, OS X Lion comes with more than 200 new features and improvements. It would be redesigned from the ground up FileVault, which has been present almost unchanged in Apple computers since OS X Panther (10.3), therefore the release of a new version was directly desirable.
What actually he File vault does? Simply put - it encrypts the entire hard drive so that anyone who doesn't know the key won't be able to read any data. Encrypting the entire disk so that it can be used in practice is not at all a simple problem to implement. It must meet the following three criteria.
- The user should not set anything. Encryption must be transparent and undetectable while using the computer. In other words - the user should not feel any slowdown.
- Encryption must be resistant to unauthorized access.
- The encryption process should not slow down or limit the basic functions of the computer.
The original FileVault only encrypted the home directory. However, FileVault 2 included with OS X Lion turns the entire drive into an encrypted volume (volume). When you turn on FileVault, a long key is generated, which you should store somewhere off your hard drive. It seems like a good choice to send it by email, save it to .txt file to web/cloud storage or copy it to paper the old-fashioned way and save it in a confidential place. Whenever you shut down your Mac, your data becomes an unreadable jumble of bits. They only get their true meaning when you boot under an authorized account.
The need to turn off the Mac is one of the disadvantages of FileVault. If you want to use it effectively, you need to learn to shut down your Mac instead of putting it to sleep. Once you boot up your Apple computer, anyone with physical access can access your data. The function will definitely come in handy when you need to turn off the computer DESCRIPTION, which belongs to the main to what's new in OS X Lion. The state of your applications is saved, and when the system boots, everything is ready to use exactly as it was before the shutdown.
Possible volume issues
Although using FileVault is more than simple, there is one user-unfriendly operation to do before turning it on - a reboot. FileVault requires a standard volume configuration. One is visible and you use it every day. The second, on the other hand, is hidden and has a name Recovery HD. If you haven't done anything with the drive, you can most likely be fine. However, if you have partitioned your drive into multiple partitions, you may run into problems. You can enable FileVault, but your drive may no longer be bootable. Therefore, you should consider going back to a single-partition volume. To find out your volume configuration, restart your Mac and hold while booting or. You should be shown a list of all volumes. If they include i Recovery HD, you can run FileVault. However, there are reported cases where certain difficulties arose even after meeting these requirements. Therefore, just in case, back up your data via Time Machine or using applications such as Super Duper, Carbon Copy Cloner or Disk Utility. Certainty is certain.
Turn on FileVault
Open it System Preferences and click on Security and privacy. In the tab FileVault tap the lock button in the lower left corner. You will be asked for your password.
- If you're using an even scarier version of FileVault, a window will pop up asking you whether you want to continue encrypting just your home directory or the entire drive. If you choose the second option, you can still choose which users will be allowed to use the Mac protected by FileVault. Click the button Turn on FileVault. A 24-digit key will appear, which was already discussed at the beginning of the article. You can use it to unlock a FileVault encrypted drive even if you forget the password to all authorized accounts that have the right to boot the system.
- Even the loss of the key does not necessarily mean that the drive is encrypted forever. In the next window, you have the option to save a copy of it on Apple's servers. In case you really want to get your key, you have to answer all three questions that you have chosen. In general, it is recommended to fill in these questions falsely. Anyone with a little effort could easily figure out the answers.
- You will be prompted to restart your Mac. Before doing so, make sure that no other users are logged on to the computer. Once you click on Restart all other users will be mercilessly logged out without saving changes to the documents in progress.
- After restarting and logging in under your account, the entire disk will immediately begin to be encrypted. Depending on the size of the data, this process can take up to several hours. If you turn off your computer before encryption is complete, some of the data will still be readable. Of course, it is recommended to leave the whole encryption process until it is finished.
What changed after turning on FileVault?
You must always log in with your username and password when booting. Logging in directly to your desktop would completely defeat the purpose of full disk encryption. The first login after turning on the Mac must be done under an authorized account. Only then can you log in under any account.
With the need to log in, the misuse of your data in the event of theft is also rapidly reduced. You may never see your Mac again, but you can rest assured that no one will be digging through your private documents. If by chance you don't have them backed up, you'll get a hard lesson. Never leave important files on only one drive!
source: MacWorld.com
I do not agree with the statement that it is necessary to turn off the computer.
If I put my mac to sleep and have it set to require a password on wake up, it will be locked when it wakes up. Without a password, no one can get into it anyway. If he wants to access the data, he has to remove the disk, and at that moment the encryption key loaded in RAM is useless.
So I'd say it won't get any data from a sleeping Mac anyway... :P
This is true if a password-protected profile cannot be cracked. How sure are you? :-) I think that the moment the computer is already running, i.e. someone has entered a password, sooner or later I will get to all the data. The only way to be really solidly sure that no one can access the data is to actually shut down the computer so that the attacker has to guess the encryption password, which will be much more difficult. This makes the whole thing seem pointless to me because Macs don't shut down normally and I almost think the encrypted home folder option is better.
I'd probably also use FileVault or something similar, but the thought of slowing down the system puts me off. When using a classic HDD, the effect is not so drastic, because the processor is much more powerful and fills the gap between speeds, but since I am using an SSD, the slowdown would probably already be noticeable there. If I really needed to encrypt the entire disk, I would go for it, but I don't need to encrypt 90% of things - applications, games, movies, songs... the ideal compromise would be to encrypt only selected folders, or selected system partition where I would store personal items and important documents. Too bad FileVault doesn't allow something like that.