
bostich

macrumors member
Original poster
Nov 4, 2012
I enabled FileVault on my MacBook right from the start. For trying out some things I might want to disable it and enable it again. Maybe several times. I know decryption and re-encryption can take a long time but I am wondering if it could actually do any harm, like slowing down the computer in the long run or creating orphaned files on the SSD?
 
Perhaps if you clarified what you specifically mean by "trying out some things", others might be able to tell you how to accomplish those things without needing to encrypt and decrypt your SSD over and over.
 
It depends on which machine you have. A Mac with an M1/M2 or T2 chip will be encrypted regardless of whether you have enabled FileVault, so turning it on/off will not have a notable impact. On other machines, enabling and disabling encryption results in the system writing a lot of data. This can cause wear to the drive. Other than that I don't think there are any long-term effects.
 
To add to the above...turning FileVault off/on on an M1/M2 or T2 Mac is instantaneous, because the drive remains encrypted, as KALLT noted.
 
> A Mac with an M1/M2 or T2 chip will be encrypted regardless of whether you have enabled FileVault, so turning it on/off will not have a notable impact.
Ok, I had no idea. I have an M1 MBP. So why does FileVault even exist on those Macs? What additional protection does FileVault give me? I will do some research about this.

> Perhaps if you clarified what you specifically mean by "trying out some things", others might be able to tell you how to accomplish those things without needing to encrypt and decrypt your SSD over and over.
I just want my login screen to have the same background image as the desktop. Some blog posts suggest one needs to disable FileVault to achieve this.
 
> So why does FileVault even exist on those Macs? What additional protection does FileVault give me? I will do some research about this.
These articles explain it very well. With FileVault off, the encrypted data is protected by a hardware key in the Secure Enclave, thus making the data available to someone who surreptitiously gains physical access to the machine. But with FileVault on, that hardware key is further encrypted with your user password, so even if someone had your machine, the data would remain encrypted without your password. It's an extra level of security.

 
> With FileVault off, the encrypted data is protected by a hardware key in the Secure Enclave, thus making the data available to someone who surreptitiously gains physical access to the machine. But with FileVault on, that hardware key is further encrypted with your user password, so even if someone had your machine, the data would remain encrypted without your password. It's an extra level of security.
So what use is this default encryption if it doesn't protect my data from someone who gets physical access to my drive? These articles are a bit too technical for me ...

But I think I understood as much that enabling and disabling FileVault isn't actually encrypting or decrypting data but merely adding a password to the already existing encryption. And because of that it is instantaneous and can be repeated infinite times without doing any harm.
 
> So what use is this default encryption if it doesn't protect my data from someone who gets physical access to my drive?
It's good to have your data encrypted at rest. FileVault doesn't make the data more encrypted. It just links the encryption key to your login password. As I understand it, without FileVault the data is decrypted when the machine boots because the key is in hardware. When you boot a FileVault protected machine, the data isn't decrypted until you enter your password.
> But I think I understood as much that enabling and disabling FileVault isn't actually encrypting or decrypting data but merely adding a password to the already existing encryption. And because of that it is instantaneous and can be repeated infinite times without doing any harm.
Exactly.
 
At-rest encryption also allows for quick "wipe" of the drive.

If re-homing the machine, a machine reset will erase the encryption keys making the user volume unreadable. No more need to erase the drive. No more worrying about someone else being able to recover data off the drive.

And along same lines, if using Find My to do a remote erase of the machine, it simply erases the encryption key.

Pretty much how iOS does things on the Mac these days.
 
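The key-wrapping behaviour described in this thread, as an added example that is not part of any post and is not Apple's implementation: a simplified Python model showing that toggling FileVault rewraps only the volume key, and that erasing the key makes the untouched disk contents unreadable. The class `ToyMac`, the XOR keystream cipher (a stand-in for AES) and the SHA-256 key check are all constructed assumptions.

```python
import hashlib, hmac, os

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream), a stand-in for AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyMac:
    """Constructed model: the disk is always encrypted with a volume key (VEK);
    FileVault only changes what is needed to unwrap that key."""

    def __init__(self, plaintext: bytes):
        self.hw_key = os.urandom(32)      # models the Secure Enclave hardware key
        self.salt = os.urandom(16)
        vek = os.urandom(32)
        self.vek_check = hashlib.sha256(vek).digest()  # toy integrity check
        self.disk = xor_cipher(vek, plaintext)         # ciphertext on the SSD
        self.filevault = False
        self.wrapped_vek = xor_cipher(self._kek(None), vek)

    def _kek(self, password):
        # FileVault off: hardware key alone. On: hardware key plus password.
        secret = self.hw_key + (password or "").encode()
        return hashlib.pbkdf2_hmac("sha256", secret, self.salt, 10_000)

    def _unwrap(self, password):
        kek = self._kek(password if self.filevault else None)
        vek = xor_cipher(kek, self.wrapped_vek)
        if not hmac.compare_digest(hashlib.sha256(vek).digest(), self.vek_check):
            raise PermissionError("volume key cannot be unwrapped")
        return vek

    def set_filevault(self, enabled: bool, password: str):
        vek = self._unwrap(password)      # must be unlocked to change the setting
        self.filevault = enabled
        self.wrapped_vek = xor_cipher(self._kek(password if enabled else None), vek)

    def boot(self, password=None) -> bytes:
        return xor_cipher(self._unwrap(password), self.disk)

    def erase(self):
        self.wrapped_vek = os.urandom(32)  # destroy the key; disk bytes untouched
```

In this model `set_filevault` never touches `disk`, which is why the toggle is instantaneous and causes no extra SSD writes on M1/M2 or T2 machines.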