ยป FileVault
FileVault is Apple's implementation of encrypting your data on Mac OS and Mac hardware. It will encrypt all of your data on your startup disk and once enabled, it will encrypt your data on the fly and will work seamlessly in the background. It forces all users to have to re-enter their password when waking from sleep or a screensaver and any non-administrator accounts will require an administrator to log them in on first login to enable the encryption.
Verifying FileVault encryption (MacOS)
Under System Preferences, launch Security and Privacy. Click on the FileVault tab. Status should be “FileVault is turned on”. (see example below)
How do I install FileVault?
Submit a Service Desk Request to have a support technician enable File Vault on your computer.
Pre-requisites:
- The computer must have a local Recovery Partition present on the internal hard disk (HDD) or Solid State Drive (SSD).
- The user accounts on the computer must have a "secure token" - meaning the account must be created by the Operating System and not created via an automated script. Chapman-deployed Macintosh computers that were imaged prior to macOS 10.13 High Sierra do not meet this criterion and will require an IS&T technician to wipe (erase) the internal drive and reins tall the Operating System from scratch. Encryption works in the background
You can continue to work on your computer during the encryption phase . The length of time it takes FileVault to fully encrypt your files depends on the size and type of your drive and how much data is being encrypted.
How does it work?
FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit "key" to help prevent unauthorized access to the information on your startup disk.
When FileVault is enabled, this secure "key" is generated using information from the physical computer components, hard drive information, and other data. Once FileVault is enabled, a recovery key is generated. The recovery key is used to gain access to the computer should you forget your password. Only authorized IS&T staff have access to this key stored which is store in a secure location.
Requirements
To enable FileVault, your computer must satisfy certain requirements:
- The computer must have a local Recovery Partition present on the internal hard disk (HDD) or Solid-State Drive (SSD).
- The user accounts on the computer must have a "secure token" - meaning the account must be created by the Operating System and not created via an automated script. Chapman-deployed Macintosh computers that were imaged prior to macOS 10.13 High Sierra do not meet this criterion and will require an IS&T technician to wipe (erase) the internal drive and reinstall the Operating System from scratch.
Will encryption affect my computer performance?
FileVault encryption and/or encrypted hard drive data, in general, can have some effect on overall computer performance. Because FileVault is built into the macOS Operating System, Apple claims that any performance hit is negligible and should be unnoticeable for most users.
If my hard drive fails, can I retrieve my data?
It is always advisable to back up your data. It is recommended that you save your data to a cloud service such as Dropbox or Google Drive (and not to the Desktop or Documents folder on your computer); free Dropbox and Google Drive accounts are available by logging in to these services with your Chapman network credentials.
In addition, Chapman offers an online backup program that can back up your entire computer any time it is connected to the internet called Code42 CrashPlan. If it is not already installed, you can install this program via the Self-Service application, or by contacting the Service Desk to have Code42 CrashPlan installed.
Should your hard drive fail, it can be very costly to recover your data. A backup is your best option for recovery.