Achieving fast boot, encryption, and battery health on a Mac portable

Discussion in 'MacBook Pro' started by Dequanizatifici, Oct 13, 2013.

  1. Dequanizatifici macrumors newbie

    Joined:
    Oct 13, 2013
    #1
    My current computer is getting old and I'm going to switch to a Mac when I replace it. I'm looking for a setup that has these properties:

    1. Turns on as quickly as possible
    2. I still have a usable battery even after years of using the computer primarily plugged in
    3. The drive is encrypted to the point that anyone who steals the machine while it's off won't be able to get any data off it. I'm thinking of common thieves who might true to use what they've stolen for identity theft, not people who can freeze my RAM immediately after I turn my computer off
    I currently achieve this under Windows with the following configuration:
    1. When I use the computer while plugged in (often for weeks at a time), I take out the good battery and put it in the fridge, replacing it with an old battery that no longer holds a charge from the save computer
    2. I put the computer into hibernate when I'm not using it
    3. I encrypt every partition that contains anything important with TrueCrypt.
      In particular, the hibernation snapshot is encrypted so that you can't start it up unless you know the TrueCrypt password
    How should I achieve something similar under MacOS? The things that worry me are:
    1. As far as I can tell, MacOS sleep is the closest analogue to hibernate that's available short of doing some hacking. After lots of looking I haven't been able to convince myself the FileVault 2 protects a computer while it's sleeping. For example, this page says, "While your Mac is booted, anyone with physical access to the computer...could access your data. So get used to shutting down your Mac when it's not in use, or when it's out of your control, rather than putting it to sleep."
    2. Sleeping Macs continue to require a small amount of energy. This means that the computer will be constantly drawing power and therefore aging the (non-removable) battery
    I'd like to get a MacBook Pro. I've considered getting a MacBook Air and a Mac Mini, which would solve the issues I described above, but that costs more and requires some work to make sure that the files I need are on whatever computer I'm using.
     
  2. snaky69 macrumors 603

    Joined:
    Mar 14, 2008
    #2
    1. Buy a SSD.
    2. Your battery strategy is both useless and not doable on a mac portable as they have built-in, non removable batteries. LiPo batteries used in current Mac portables have a finite life, whether you talk about battery cycles or a given time.

    They are able to hold up to 80% of their charge after 1000 cycles, when you near 1000 cycles or 2-3 years of use, your battery is on borrowed time and can and will die, REGARDLESS of the way you used it during it's lifetime.

    This whole battery cycling thing is useless now that batteries are LiPo, and battery controllers are better than ever. They cannot overcharge, they trickle charge and discharge when plugged in for any amount of time and all that jazz, for you. Basically, just use your computer, don't bother monitoring the battery health, you're wasting time.

    3. Use filevault 2 and remote wipe using find my mac.
     
  3. MatthewAMEL macrumors 6502

    MatthewAMEL

    Joined:
    Oct 23, 2007
    Location:
    Orlando, FL
    #3
    Any currently available MacBook Pro/Air configured with an SSD will meet your power on and encrypted requirements.

    OS X 10.8 and higher offer a feature called Power Nap
    http://support.apple.com/kb/ht5394

    Filevault 2 offers whole-disk encryption
    https://support.apple.com/kb/HT4790

    iCloud also offers a rudimentary low-jack system
    http://www.apple.com/support/icloud/find-my-device/

    You could also continue using TrueCrypt. It's available on OS X.

    As for your battery. Nope. MBP/Air use sealed, glued-in batteries.
    Apple offers a battery replacement service, but it's pricey.
    http://support.apple.com/kb/HT1446#Servicing
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    The FileVault password can no longer be accessed while the machine is asleep. What those older articles are referring to is direct memory access (DMA) access to ram to grab a password. This is blocked starting with OS X 10.7.2 so is no longer an issue with newer Macs.

    Any of the new mac portables would do what you want. Just turn on FileVault and sleep the machine when you are not using it.
     
  5. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #5
    It used to be $129 for a new battery, regardless of if you had an older notebooks that had a user-replacable battery (where you could just walk in, buy a new battery, and do it yourself) or one of the newer notebooks that requires a tech to replace the sealed battery you.
     
  6. CausticPuppy macrumors 65816

    Joined:
    May 1, 2012
    #6
    That's a lot of trouble to go through!
    Just let the battery drain once a month and you'll be fine, you'll have good battery life for years.

    http://www.apple.com/batteries/notebooks.html


    If you use Filevault 2, the sleep image is on the encrypted partition. But the stuff that's already loaded into memory is not encrypted-- this is true no matter what disk encryption software you use. Just make sure your screensaver is password protected and remember to use the ctrl-shift-power shortcut to put the screen to sleep when you walk away from it.

    That's one option, if you rarely need to use a portable. Use Dropbox and you'll never have to wonder if you have the right files on each machine.
     
  7. Dequanizatifici thread starter macrumors newbie

    Joined:
    Oct 13, 2013
    #7
    Thank you, everyone for the answers. One follow-up to the item posted above. By googling around for more information based on some of the answers here, I found this post which says,
    and links to this Apple whitepaper (which references OSX 10.7.4) on the subject.

    Is running "sudo pmset destroyfvkeyonstandby 1" necessary? Sufficient?
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    The author of that article is correct that the PW is in memory for the reasons explained, but the 10.7.2 update blocks DMA access to retrieve that PW. I don't understand what he is talking about not needed the PW if a thief wakes up the machine. I would think anybody using FV would have their system setup a a PW is required when waking from sleep.

    The ONLY vulnerability to having the PW in memory like this is theoretically one could freeze the RAM chips to prevent discharge and retain the data then pop the RAM chips in another machine and try to access the stored PW in RAM. Of course newer Air models have RAM soldered in so this is only an issue with removable RAM models like the Pro.

    I say theoretical because each time this comes up I get someone posting to Youtube videos telling me this can be done. Then the Youtube videos are of some old PC where this is tested. I have yet to see anybody claim thy have recovered a FV2 PW from a Mac RAM chip using these methods.

    IMO using that command is not worth the inconvenience it introduces. I guess you have to weigh that yourself.
     

Share This Page