Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Are you using FileVault? If so, where does it consume the extra space?

A

Avery1

macrumors regular
Original poster
Mar 14, 2010
134
12
My understanding is that FileVault requires 2x the space of the home directory, to function.

After talking to AppleCare, my understanding is that FileVault works by storing the entire home directory as an encrypted disk image. Fair enough, this makes sense.

However, I'm going to configure my Mac Pro with an SSD as the boot disk, and plan to move my home directory off to the non-boot disk. With FileVault enabled, this raises a couple concerns for the SSD Boot disk.

So, the main question is: Will it write the 'second' copy of my home directory to the boot disk, or wherever the home directory lives? AC indicated that the extra space was needed under /Users, but I'm not sure if it is under /Users/<username> or directly under /Users.

If you have FileVault enabled, can you look and let me know?

Thanks,
Avery
 
Krevnik

Krevnik

macrumors 601
Sep 8, 2003
4,100
1,309
It doesn't use twice the space. The encrypted disk image is where all your data is stored, and it mounts it in place of your home directory when you
log in. It takes up the same amount of space it would otherwise.
 
A

Avery1

macrumors regular
Original poster
Mar 14, 2010
134
12
Krevnik said:
It doesn't use twice the space. The encrypted disk image is where all your data is stored, and it mounts it in place of your home directory when you
log in. It takes up the same amount of space it would otherwise.
Click to expand...

So... in my scenario, I am looking to install a SSD as a boot drive for OS applications only, in my mac pro. I will have a secondary raid1 array, and I presume I will move the home directory to live on this array.

In this scenario, are you saying that I do not have to be concerned about the SSD (which is smaller than the HDD) space being utilized? Just want to be sure before I open the packaging on the new drives...
 
Krevnik

Krevnik

macrumors 601
Sep 8, 2003
4,100
1,309
With FileVault on, you won't move the home folder, you will need to move the disk image.

The home folder in the case of FileVault is a decoy, it doesn't actually exist (other than as a mount point for the disk image).

I'm not sure you can move the disk image easily, but you will need to look up some more on FileVault to know how to do it, because it is more complicated than just a home folder.
 
angelwatt

angelwatt

Moderator emeritus
Aug 16, 2005
7,852
9
USA
The 2x space might be in consideration of when you turn FileVault on or off. It require twice the space of your home directory to be free in order to turn it on or off, which it uses as a temporary spot.
 
A

Avery1

macrumors regular
Original poster
Mar 14, 2010
134
12
angelwatt said:
The 2x space might be in consideration of when you turn FileVault on or off. It require twice the space of your home directory to be free in order to turn it on or off, which it uses as a temporary spot.
Click to expand...

angelwatt -- I suspect that's the case and think you're probably right; however, when I asked the folks at Apple Care -- they seemed to indicate it would consume 2x the space, real-time. Then again, they frequently tend to be confused by the level of questions that are asked or just not know the answer. Too bad there isn't better documentation somewhere.

I thought of spinning up a virtual machine to do a test, but apparently you can't do that with Mac OS :(
 
angelwatt

angelwatt

Moderator emeritus
Aug 16, 2005
7,852
9
USA
Avery1 said:
angelwatt -- I suspect that's the case and think you're probably right; however, when I asked the folks at Apple Care -- they seemed to indicate it would consume 2x the space, real-time. Then again, they frequently tend to be confused by the level of questions that are asked or just not know the answer. Too bad there isn't better documentation somewhere.
Click to expand...

Well, as a user of FileVault for 3+ years I can tell you with 100% certainty that using FileVault does not use 2x the HD space. It uses potentially a few MB at most for some extra file info somewhere, but it's absolutely nowhere near 2x the size of your data.
 
A

Avery1

macrumors regular
Original poster
Mar 14, 2010
134
12
Did a little testing on a fresh install...

I moved my home directory to a second disk, then added a few gigs of data.

I then enabled FileVault.

Via sudo du -hs, the home directory appeared to be 3.3GB and contained visible files.

As a second admin user, I logged in and poked around with sudo.

The new home directory @ /Volumes/disk2/Users2/avery showed the size to be 4.1 GB and via sudo I could see a single file called avery.sparsebundle that could not be read/opened further.

appeared to have 3.3GB by user; 4.1 GB by second admin user
Added 5.5 GB of data to the home directory
appeared to have 8.5GB by user; 9.3 GB by second admin user

So, it seems there is some inflation of size -- though it is relatively fixed or a small % gain. However, it is difficult to verify in entirety where the other used disk comes from. When I did a sudo find . -size +500000000c, the sparsebundle did not show up, so it is possible the OS also stores other files that are not recognizable by `find` .

The good news is that at first glance, it appears to show up local to where the home directory resides.

One other note: when I copied lots of MP3s prior to encryption and after encryption, the transfer/write rate was only about 3% slower after enabling encryption. Logout is slightly slower.
 
maflynn

maflynn

macrumors Haswell
May 3, 2009
73,481
43,407
You do realize that there is over head needed to encrypt/decrypt files which is why you're seeing a slight degradation in performance. The higher physical space usage could also be attributed to that, i.e., the physical file's encrypted image.
 
A

Avery1

macrumors regular
Original poster
Mar 14, 2010
134
12
maflynn said:
You do realize that there is over head needed to encrypt/decrypt files which is why you're seeing a slight degradation in performance. The higher physical space usage could also be attributed to that, i.e., the physical file's encrypted image.
Click to expand...

Thanks. Yep, encryption does require additional processing.

However, based on my initial observations and readings, the mounted disk image is unencrypted at login and encrypted at logout -- so in theory, there should be no or minimal overhead to processing transactions, once logged in. The 3% during copy is likely a margin-of error, but if not... well, it's 3%.

I posted up the above details mainly as a point of reference for others with similar questions.
 
I

iVoid

macrumors 65816
Jan 9, 2007
1,145
190
Avery1 said:
Thanks. Yep, encryption does require additional processing.

However, based on my initial observations and readings, the mounted disk image is unencrypted at login and encrypted at logout -- so in theory, there should be no or minimal overhead to processing transactions, once logged in. The 3% during copy is likely a margin-of error, but if not... well, it's 3%.
Click to expand...

No , the sparsedisk image is mounted at login and then any data read or written to it is decrypted/encrypted on the fly.

So the the data is always encrypted on the disk, and only when you access it is it decrypted as data is read from the disk so you can read files. It actually never writes unencrypted data to the sparse image (talk about a security hole). So there is a performance penalty, but on modern Macs you should barely notice it.

It would take forever to unencrypt a large disk image and then reencrypt it. It would also be a major security problem. All a criminal wanting to look at your data would have to do is unplug the mac and leave the disk unencrypted.


Now if someone has access to your system or you have file sharing on, people could get to the data since when you're logged in as the data is available to be read at that point. Password protecting your screen saver and keeping file sharing off is a good practice when using FIlevault if you're really paranoid.

As for the size of the disk image file, there is directory information and a used block map that takes up space above the actual data files. So the disk image will be larger than all the data on it.
 
iPhysicist

iPhysicist

macrumors 65816
Nov 9, 2009
1,343
1,004
Dresden
I use File Vault from beginning. My Home Directory shows 500GB but I do not have a 500GB Drive. Mine is 250GB, so maybe this is ment with 2 times more space "required".
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom