
LeggoMyMacbook

macrumors newbie
Original poster
Jan 25, 2019
Hello, I am the owner of a 2015 MacBook Pro 15" with SSD. What I am hoping to do is make it so that when I close the lid on my MacBook, the SSD will be re-encrypted, requiring the encryption password to be unlocked again. I have tried the 'sudo sh -c pmset -a destroyfvkeyonstandby 1' command, but this does not seem to be working. The way I was able to confirm that it did not work is as follows:

I have 2 accounts on my MacBook: my administrator account, and a standard account without administrative privileges. My standard account does not have permission to decrypt FileVault, and as such it does not show up on initial login after the MacBook has been powered down. The only account that shows up from a cold boot is my admin account, since this is the only account with FileVault unlock privileges. So, from what I understand, if the FileVault key was actually being destroyed from RAM upon entering sleep mode, then I should only be able to re-log in from my administrator account upon waking the computer from sleep, just as required at the first login from a cold boot. However, this is not the case. When waking from sleep I am able to log in from either my admin account or the standard account.

If anyone could provide me with some insight as to how I can get filevault to re-encrypt upon the macbook entering sleep mode (destroy the encryption key from memory) it would be greatly appreciated! Thank you!
 
Have you read that this is possible? (I haven't researched this, this is the first I am hearing of it) From my understanding of encryption this wouldn't be possible unless Apple has some fancy way of doing it. If the computer loses access to the decryption key, in my mind it should have to unmount Macintosh HD, essentially meaning the OS is no longer booted and your computer would just be back at the filevault splash screen like it was turned on from a cold boot.
 

That's kind of what I was hoping to do. However I do believe they got rid of the filevault splash screen. From a cold boot I am just prompted to login with a user account, and the only one that shows is the one that I have allowed to un-encrypt my disk. And it takes 15-30 seconds for the little progress bar to fill up, I assume this is the decryption process.

Anyways yea, I am hoping there is some way to destroy the FileVault key out of the RAM. That way it would be required to decrypt the disk again.
 
From https://support.apple.com/en-us/HT204837

"When FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically."

As far as I know, the disk is only decrypted during boot up and not re-encrypted when the computer goes to sleep.
 
I’m certain that what you’re asking for is impossible. The keys to the encryption have to be there for the machine to operate, and a sleeping Mac is still operating (i.e., it’s booted). The only way to achieve what you want is to shut down the machine. When a FileVault machine boots, the firmware displays the login screen, requiring you to put in your password so it can actually decrypt the data on the drive and boot. From then on, the OS needs access to the drive until the machine is shut down.
 
The splash screen IS the first login you see for the only user able to decrypt the drive. You see that BEFORE you see the loading bar. Anything you see before the loading bar is happening before the OS is booted.
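
Added example, not part of any post in this thread: the first function counts the arguments `pmset` receives when the command from the opening post is handed to `sh -c` unquoted versus quoted, and the second audits `pmset -g`-style text for `destroyfvkeyonstandby` and `hibernatemode`. The sample text and its "name value" layout are constructed, and reading `hibernatemode 25` as "hibernate as soon as the Mac sleeps" is an assumption taken from the `pmset` manual's description of standby.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_* text is constructed.

# pmset_argc_via_sh_c CMD_STRING [ARGS...]: pass the words to `sh -c` exactly
# as typed, with a stub pmset function that prints its argument count.
pmset_argc_via_sh_c() {
  cmd=$1; shift
  # sh -c runs only the first word as the command; the rest become $0, $1, ...
  sh -c "pmset() { echo \"\$#\"; }; $cmd" "$@"
}

# pmset_value NAME: value of NAME in pmset-style text on stdin
# (case-insensitive match; prints nothing if the setting is absent).
pmset_value() {
  awk -v want="$1" 'tolower($1) == tolower(want) { print $2; exit }'
}

# fv_key_audit: read `pmset -g`-style text on stdin and print one verdict.
# On a Mac this would be fed with: pmset -g | fv_key_audit
fv_key_audit() {
  settings=$(cat)
  destroy=$(printf '%s\n' "$settings" | pmset_value destroyfvkeyonstandby)
  mode=$(printf '%s\n' "$settings" | pmset_value hibernatemode)
  if [ "${destroy:-0}" != "1" ]; then
    echo "key-retained"              # setting absent or 0
  elif [ "${mode:-0}" != "25" ]; then
    echo "key-in-ram-until-standby"  # ordinary sleep keeps RAM powered
  else
    echo "key-destroyed-at-sleep"    # assumption: mode 25 hibernates at once
  fi
}

# Constructed samples (assumed layout: one "name value" pair per line).
SAMPLE_DEFAULT=' standby              1
 hibernatemode        3'
SAMPLE_HARDENED=' DestroyFVKeyOnStandby 1
 standby              1
 hibernatemode        25'

printf 'unquoted sh -c: pmset got %s args\n' \
  "$(pmset_argc_via_sh_c pmset -a destroyfvkeyonstandby 1)"
printf 'quoted sh -c:   pmset got %s args\n' \
  "$(pmset_argc_via_sh_c 'pmset -a destroyfvkeyonstandby 1')"
printf 'default:  %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | fv_key_audit)"
printf 'hardened: %s\n' "$(printf '%s\n' "$SAMPLE_HARDENED" | fv_key_audit)"
```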
 