About FileVault 2 and Encrypted disks

Discussion in 'OS X Yosemite (10.10)' started by osxnerd, Nov 2, 2014.

  1. osxnerd macrumors newbie

    Joined:
    Oct 1, 2012
    #1
    I installed Yosemite on an disk formatted as Mac OS Extended (Journaled, Encrypted). For this purpose I entered a password. When I booted the machine up I got three icons on the logins screen:

    • My User.
    • Encrypted Drive.
    • Guest User.

    Once I had logged in FileVault was active in the System settings. After a bit of research I found out that to get rid of the Encrypted Drive login icon I had to deactivate FileVault and then reactivate it, so I did that. It took forever but now there is no Encrypted Drive icon on the login screen. The thing is that when I reactivated FileVault I was given a Key as opposed to entering a password. So I'm left wondering what is the difference between installing OS X to an encrypted filesystem and installing OS X to a garden variety unencrypted Mac OS Extended volume and activating FileVault afterwards? I always figured these two methods basically end up giving you the same result. Plus, why did I have to enter a password when I created the encrypted volume the first time but got a key the second time when I re-activated FileVault? Am I now double encrypting my disk?
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    That encrypted format you did in Disk Util is intended for non-OS drives and not the OS drive. Althought the encryption is the same, the FileVault encryption process done by activating within the OS generates that recovery key you mentioned and also make changes to the recovery partition so the system boots straight to a login screen on that recovery volume, then after you enter the password if unlocks the OS volume and boots to it.

    By encrypting first then installing you have bypassed that boot setup process.
     
  3. osxnerd thread starter macrumors newbie

    Joined:
    Oct 1, 2012
    #3
    Well after starting out by installing OS X on an encrypted drive, then deactivating Filevault, reactivating it and then deactivating it once again Disk utility now tells me the file system type of my disk is Mac OS Extended (Journaled), i.e. no encryption. As far as I can tell I now basically have what I would have gotten if I had just done a regular install to begin with. It seems to me that activating File Vault on a Mac OS Extended (Journaled) formatted disk and installing OS X onto a Mac OS Extended (Journaled, Encrypted) partition is basically the same thing other than the points you mentioned.
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    It is the same thing as far the disk encryption is concerned, but what I am saying is I don' believe the system behaves the same way at boot.

    When you formatted the drive to the encrypted format then installed after that, what did you see when you booted? What came up on the screen?
     
  5. osxnerd thread starter macrumors newbie

    Joined:
    Oct 1, 2012
    #5
    When I opened System Preferences -> Security & Privacy after the initial installation of Yosemite on the encrypted boot disk I saw that File Vault 2 was on so in order to get rid of the "Encrypted Disk" icon on the login screen I turned File Vault 2 off. Afterwards Disk Utility reported the file system was Mac OS Extended (Journaled) not Mac OS Extended (Journaled, Encrypted) like it was before. When I turned File Vault 2 back on the file system type was back to Mac OS Extended (Journaled, Encrypted) but now the "Encrypted Disk" icon on the login screen was gone.
     
  6. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    That is what I was thinking. By turning it on through the FileVault interface in System Prefs it alters the boot process.
     

Share This Page