Is the hard drive accessible via usb or thunderbolt?

msmth928 · Mar 12, 2013, 12:08 PM

Just wondering whether the hard drive of my (2012) MBA would be accessible via usb or thunderbolt if it got stolen.

I have my account password protected but would like to keep my files safe if possible - is filevault the only option? Or is password protection generally enough?

(Does filevault slow down MBA's much if turned on?)

garybUK · Mar 12, 2013, 12:27 PM

You can start the computer in 'Target Disk Mode' by holding down T when you switch on the computer, this makes the computer behave as a giant external hdd.

I guess if someone stole your laptop they can access it this way, Filevault would stop this as (IIRC from the old days).... it creates a giant encrypted/passworded sparse bundle which is mounted when you boot.....

AlanShutko · Mar 12, 2013, 12:41 PM

Nowadays it doesn't use a sparse bundle, it encrypts the whole partition. But the result is the same: your data will not be retrievable without your password.

msmth928 · Mar 12, 2013, 01:01 PM

Quote:

Originally Posted by garybUK

You can start the computer in 'Target Disk Mode' by holding down T when you switch on the computer, this makes the computer behave as a giant external hdd.

I guess if someone stole your laptop they can access it this way, Filevault would stop this as (IIRC from the old days).... it creates a giant encrypted/passworded sparse bundle which is mounted when you boot.....

Ah right thanks, I guess there's no way of disabling this in the bios? Would seem like a fairly good compromise if there was.

Does encrypting the disk slow things down much?

garybUK · Mar 12, 2013, 02:42 PM

Quote:

Originally Posted by msmth928

Ah right thanks, I guess there's no way of disabling this in the bios? Would seem like a fairly good compromise if there was.

Does encrypting the disk slow things down much?

You can set a firmware password, boot up and press CMD-R to start the recovery partition, then on the Utilities menu choose Firmware Password. That will prompt before it will fire up Target Disk Mode.

If you have an SSD then Filevault shouldn't slow down much, on my old PowerBook G4 it ran like a dog... not tried it recently.

msmth928 · Mar 12, 2013, 02:59 PM

Quote:

Originally Posted by garybUK

You can set a firmware password, boot up and press CMD-R to start the recovery partition, then on the Utilities menu choose Firmware Password. That will prompt before it will fire up Target Disk Mode.

If you have an SSD then Filevault shouldn't slow down much, on my old PowerBook G4 it ran like a dog... not tried it recently.

Can you see any downsides to using a firmware password? Once set, the data on my MBA should be relatively safe, no? (I can't imagine your typical thief trying to solder the HD chips just to get at someone's emails, can you? Would it even be easily possible?)

Thanks again for the reply!

garybUK · Mar 12, 2013, 03:25 PM

Quote:

Originally Posted by msmth928

Can you see any downsides to using a firmware password? Once set, the data on my MBA should be relatively safe, no? (I can't imagine your typical thief trying to solder the HD chips just to get at someone's emails, can you? Would it even be easily possible?)

Thanks again for the reply!

No worries, it's actually a problem i didn't think of until you mentioned it...

I suppose if they are really determined the rMBP's still have removable SATA cards so they could whack it in one of those OCZ Caddy things.

I just did some reading up and looks like since Lion+ they moved to CoreStorage LVM Encryption rather than using SpareBundles so it should be much faster!!! I'd go this route as full disk encryption would be better than just a firmware password.

Downsides to a firmware password... if you forget it, your hosed? also it'd be a pain in the butt when booting etc.

jdechko · Mar 12, 2013, 04:10 PM

Quote:

Originally Posted by garybUK

Downsides to a firmware password... if you forget it, your hosed? also it'd be a pain in the butt when booting etc.

Apparently with newer Macs, the firmware password can only be reset by Apple, either through Apple or an AASP.

Also, I don't think you need to input your firmware password when booting from the internal HD, only when you want to boot from a different device (such as Internet recover, external HD, TDM, etc).

Good security information to know, though. Seems like Apple has plugged a bunch of holes related to firmware passwords which makes them more effective security.

Stetrain · Mar 12, 2013, 06:24 PM

Quote:

Originally Posted by msmth928

Can you see any downsides to using a firmware password? Once set, the data on my MBA should be relatively safe, no? (I can't imagine your typical thief trying to solder the HD chips just to get at someone's emails, can you? Would it even be easily possible?)

Thanks again for the reply!

I don't think that a firmware password would keep them from popping out the SSD and sticking it into another Macbook Air (or a compatible external enclosure like OCZ sells) to see what's on it. No soldering required.

You would need FileVault to prevent that.

AlanShutko · Mar 12, 2013, 11:08 PM

The Core i* processors have hardware encryption, so Filevault is a very, very minimal performance impact. I do not notice the impact on my2012 i7 MBA.

There was definitely more of an impact on the Core 2 Duos, but it was still tolerable from the stuff I've read.

maxosx · Mar 12, 2013, 11:10 PM

Quote:

Originally Posted by msmth928

Does encrypting the disk slow things down much?

It hasn't on mine.

Mrbobb · Mar 13, 2013, 01:24 PM

If just against nosy people, firmware pwd is enough. However if you have bank accounts info, and other stuff you NEVER want anybody to see EVER, then encryption is recommended.

msmth928 · Mar 13, 2013, 03:16 PM

Thanks for the replies everyone - I have enabled filevault and there doesn't seem to be any noticeable slowdown

Weaselboy · Mar 13, 2013, 05:02 PM

Quote:

Originally Posted by msmth928

Thanks for the replies everyone - I have enabled filevault and there doesn't seem to be any noticeable slowdown

I am coming in late to the thread, but it is good that you enabled FV2. With Lion and Mountain Lion Apple was nice enough to put the admin password reset utility right on the recovery partition. So all a thief needed to do was command-r boot and use the utility to reset your password and they are in. FV2 blocks this.

Here is a good test from Anadtech showing the speed hit from enabling FV2. It is very minor.

Miat · Mar 13, 2013, 07:08 PM

Quote:

Originally Posted by AlanShutko

There was definitely more of an impact on the Core 2 Duos, but it was still tolerable from the stuff I've read.

Running FV2 is not an issue on my 2007 C2D iMac.

Mar 12, 2013, 12:08 PM	#1
msmth928 macrumors regular Join Date: Jun 2009	Is the hard drive accessible via usb or thunderbolt? Just wondering whether the hard drive of my (2012) MBA would be accessible via usb or thunderbolt if it got stolen. I have my account password protected but would like to keep my files safe if possible - is filevault the only option? Or is password protection generally enough? (Does filevault slow down MBA's much if turned on?) __________________
	0

Mar 13, 2013, 01:24 PM	#12
Mrbobb macrumors 68020 Join Date: Aug 2012	If just against nosy people, firmware pwd is enough. However if you have bank accounts info, and other stuff you NEVER want anybody to see EVER, then encryption is recommended. __________________ Solution: FREE, Explanation: Is gonna cost ya.
	0

Mar 13, 2013, 03:16 PM	#13
msmth928 Thread Starter macrumors regular Join Date: Jun 2009	Thanks for the replies everyone - I have enabled filevault and there doesn't seem to be any noticeable slowdown __________________
	1

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Mar 12, 2013, 12:27 PM	#2
garybUK Guest Join Date: Jun 2002	You can start the computer in 'Target Disk Mode' by holding down T when you switch on the computer, this makes the computer behave as a giant external hdd. I guess if someone stole your laptop they can access it this way, Filevault would stop this as (IIRC from the old days).... it creates a giant encrypted/passworded sparse bundle which is mounted when you boot.....
	0

Mar 12, 2013, 12:41 PM	#3
AlanShutko macrumors 6502 Join Date: Jun 2008	Nowadays it doesn't use a sparse bundle, it encrypts the whole partition. But the result is the same: your data will not be retrievable without your password.
	0

Mar 12, 2013, 11:08 PM	#10
AlanShutko macrumors 6502 Join Date: Jun 2008	The Core i* processors have hardware encryption, so Filevault is a very, very minimal performance impact. I do not notice the impact on my2012 i7 MBA. There was definitely more of an impact on the Core 2 Duos, but it was still tolerable from the stuff I've read.
	0