Encrypt Drive or Not?

Discussion in 'MacBook Pro' started by mneblett, Jan 25, 2014.

  1. mneblett macrumors 6502

    Joined:
    Jun 7, 2008
    #1
    I've read a few horror stories about lost/stolen MBP's, and I understand that encrypting the storage would provide protection against personal information being extracted/misused.

    Before I take the plunge and encrypt my SSD, however, I want to understand what may be the consequences of encryption.

    Any impact on system performance? My primary concern is making my machine slower/sluggish. (Two cases here: I have a late '13 rMBP and a late '08 MBP, both with SSD)

    Any other impacts?

    Thanks for your thoughts.
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    I have been using Filevault since it was released and never had a problem. Benchmark tests like this show a bit of a performance hit, but I have never been able to tell the difference.

    The good news is, it is very easy to turn if off if you don't like it. Turn it on and use the machine and if you find it slows you down, just turn it off.

    IMO if you are using a portable that you take out of the house, it is imperative that your turn on encryption.
     
  3. whiteonline macrumors 6502

    whiteonline

    Joined:
    Aug 19, 2011
    Location:
    California, USA
    #3
    I agree with Weaselboy. There is no reason to not use it. The performance impact is minimal.

    I also recommend enabling the firmware password.

    My thoughts: If my MacBook is stolen, not only is my data safe because of file vault, the machine itself becomes a big aluminum doorstop with the firmware password enabled.
     
  4. mneblett thread starter macrumors 6502

    Joined:
    Jun 7, 2008
    #4
    Thanks -- doorstop mode is already engaged :)

    That's exactly what I was looking for -- time to give Filevault a try.
     
  5. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #5
    I have FV2 engaged on my rMBP - I think given the risk of theft, its a no brainer and the performance hit isn't that bad.
     
  6. laurihoefs macrumors 6502a

    laurihoefs

    Joined:
    Mar 1, 2013
    #6
    I agree with what Weaselboy, whiteonline and maflynn have said, and my own experience with File Vault on a mid-2012 15" rMBP supports this.

    I'd like to add something to the review Weaselboy linked: the benchmarks were run on a Sandy Bridge CPU, and the AES performance of current Haswell CPUs is slightly better. So on your 13" rMBP the performance hit should be even less noticeable.

    The older Core 2 Duo CPU of the '08 MBP does not support AES-NI though, so its disk-I/O performance might take a bit more hit. But even that should be barely noticeable in use, if at all.
     
  7. mneblett thread starter macrumors 6502

    Joined:
    Jun 7, 2008
    #7
    I have completed the FileVault encryption. I have not yet noticed an appreciable performance hit; the only difference so far is the need to enter my password any time the machine wakes from sleep.

    Thanks for the info. The late '08 C2D never leaves the house, and does not have much in the way of "critical" info on it (it is my now-retired MBP, primarily used by my spouse when her iPad is not at hand). I will leave that machine unencrypted.
     
  8. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #8
    Love Firevault--works great on my rMBP and even on my 6 yo iMac it runs just fine with no noticeable performance hit. Highly recommended to secure your data.
     
  9. G0meZ macrumors regular

    Joined:
    Aug 9, 2011
    #9
    uh say, with fv2 on, what are the benefits of the firmware password?
     
  10. mneblett thread starter macrumors 6502

    Joined:
    Jun 7, 2008
    #10
    As I understand it, without a firmware password, the machine can be wiped (eliminating the encrypted data completely) and a fresh OS installed -- in other words, the machine can be reused. With a firmware password, the machine is essentially bricked, so essentially no market for it, except for parts.
     
  11. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #11
    I'm more concerned about my data then the laptop, so I don't have the firmware password set, but that's just me.
     
  12. mneblett thread starter macrumors 6502

    Joined:
    Jun 7, 2008
    #12
    Understood. I prefer the satisfaction of knowing that if stolen, the b@$$%&d that took it can't get any benefit from the evil deed.
     
  13. G0meZ macrumors regular

    Joined:
    Aug 9, 2011
    #13
    Sure?
    Last time i checked on some earlier mbp, all that was needed to reset that paasword was removing the ram...
     
  14. Weaselboy, Jan 25, 2014
    Last edited: Jan 26, 2014

    Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #14
    It prevents anybody from booting from anything other than the currently set boot drive, making hacking more difficult. Also has the added bonus of making your stolen machine pretty much worthless to a thief.

    Not since 2011 models.
     
  15. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #15
    And just how do you remove the ram from the Retina MacBook Pro?
     
  16. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #16
    He specified he was talking about the earlier MBP.
     
  17. G0meZ macrumors regular

    Joined:
    Aug 9, 2011
    #17
    i did :rolleyes:
    and thanks for clarifying yall.
     
  18. taz92, Feb 5, 2014
    Last edited: Feb 5, 2014

    taz92 macrumors newbie

    Joined:
    Aug 12, 2010
    #18
  19. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #19
    Boot into Recovery and open Firmware Password Utility from the Utilities menu.
     
  20. DaveTheRave macrumors 6502a

    Joined:
    May 22, 2003
    #20
    If you enable it does it have any impact on Time Machine? Would your next backup take a very long time?
     
  21. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #21
    It has no meaningful impact on TM, there's a slight impact on performance due to the overhead of decrypting when accessing data on the drive. The TM backup will be unencrypted unless you choose to encrypt your TM backups as well.
     
  22. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #22
    The next backup will be no different than normal. Think of this as putting all your data inside a locked box. Once you login the box is opened and all the data is sitting there the same as it always was.

    Like maflynn touched on, it is a good idea to also encrypt your Time Machine backup also.
     
  23. Gunlance macrumors newbie

    Joined:
    Jul 6, 2012
    #23
    if FV is enabled, can you still plug the drive in as an external device to copy files? Such as if I get a new mac and want to copy over my music without doing migration assistant?
     
  24. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #24
    Do you mean with the FV drive still in the source machine? Yes, as long as you are logged in the "vault" is open and the OS works pretty much normally. So Migration Assistant or even file sharing to move files would work like normal.

    By "plug the drive in" are you meaning putting the FV drive in an external enclosure and accessing it that way? You could do that then start Disk Util and go to the File menu and select unlock disk and supply your FV password to unlock the drive.
     
  25. JimmyTW87 macrumors member

    Joined:
    Jun 24, 2013
    Location:
    Derbyshire, UK
    #25
    thanks

    cheers guys, I was totally unaware of the firmware password thing, now done it, VMT
     

Share This Page