Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

File Vault 2 - Full Drive Encryption

VydorScope

VydorScope

macrumors regular
Original poster
Oct 12, 2011
166
0
Is anyone using the full drive encryption that comes with Lion vai the new File Vault? Any problems/pitfalls with it? I use True Crypt for full drive encryption on some of my externals, and bit locker on my work laptop... looking for something simular for my Macs.

Thanks!
 
I am using FV2 on both my iMac and a Macbook Pro with absolutely no problems. It is completely transparent.
 
Weaselboy said:
I am using FV2 on both my iMac and a Macbook Pro with absolutely no problems. It is completely transparent.
Click to expand...

Cool, was it something that you could let work in the background to do the initial encrypt? Was a reboot required?
 
I have FileVault 2 enabled on two of my Macs, and it works fine for me.

The only noticeable difference you'll see for everyday usage is the different login screen which appears right after you turn the computer on. You just login with you account password normally, which unlocks the drive and the computer then boots and logs into your account.

A reboot is required to enable FileVault 2, after that it encrypts the drive in the background, so you can continue working while it's doing this.
 
You can use True Crypt on the Mac too!

I use FV2 on my iMac and MBP - No issues for me, I personally think it slows down emptying the trash can and also transferring from the computer to an external - nothing that I would loose sleep over though!

VydorScope said:
Is anyone using the full drive encryption that comes with Lion vai the new File Vault? Any problems/pitfalls with it? I use True Crypt for full drive encryption on some of my externals, and bit locker on my work laptop... looking for something simular for my Macs.

Thanks!
Click to expand...
 
VydorScope said:
Cool, was it something that you could let work in the background to do the initial encrypt? Was a reboot required?
Click to expand...

When you first turn on FV2, it reboots once to start the initial encryption of the disk and that is it. No reboot required after that. You can use the computer normally while it is encrypting.

eenuuk said:
You can use True Crypt on the Mac too!

I use FV2 on my iMac and MBP - No issues for me, I personally think it slows down emptying the trash can and also transferring from the computer to an external - nothing that I would loose sleep over though!
Click to expand...

I have not noticed either of these issues.
 
Cool... now i just have to find a time when its not to painful to close all 20,000 programs I have open and reboot! :D
 
Weaselboy said:
I am using FV2 on both my iMac and a Macbook Pro with absolutely no problems. It is completely transparent.
Click to expand...

It is "transparent" on all Macs which support the AES-NI.

I should also add, that the recent security updates for Lion remove a security hole (FW-DMA), regarding FV2.

From --> http://support.apple.com/kb/HT5002
Kernel

Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1

Impact: A person with physical access may be able to access the user's password

Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in.

CVE-ID

CVE-2011-3215 : Passware, Inc.
Click to expand...
 
Last edited:
VydorScope said:
Hmm mine is a Core 2 Duo and is not listed, does that mean FV2 wont work? It gave me no error when I opened it.
Click to expand...

FV2 will definitely work on a C2D, but there might be a a small slowdown of the system. You likely won't even notice any difference.

That list just shows processors which have a dedicated encryption feature.
 
The only issue I had was that I have a dual HDD system, FV2 only wants to encrypt the boot drive, which is useless if you have all your data (home area) on the non boot drive!
You can use FV2 to encrypt the second drive, but you have to do it from the command line.
The problems then start when you try and boot and login after encrypting your data volume, you can't! The drive is encrypted and you haven't had an opportunity to unlock it. Fortunately I had a second admin account with it's home area on the boot dive, so I was able to login, unlock the home volume and go back into my main user account.

This would be a total PITA to do everytime you startup the computer, fortunately I found a script that unlocks the second HDD on startup for you. it's here if you need it https://github.com/jridgewell/unlock
install instructions
https://github.com/jridgewell/Unlock/blob/master/README.md
 
The only thing to be careful with is partitioning a FV 2 drive. If you enable File Vault 2 on a drive, the drive becomes a Core Storage volume. You cannot directly add/remove/resize partitions to such a drive with Disk Utility.

You first need to disable File Vault, wait for the drive to be reconverted from Core Storage, change the partitions and then again re-enable File Vault.
 
yetanotherdave said:
The only issue I had was that I have a dual HDD system, FV2 only wants to encrypt the boot drive, which is useless if you have all your data (home area) on the non boot drive!
You can use FV2 to encrypt the second drive, but you have to do it from the command line.
The problems then start when you try and boot and login after encrypting your data volume, you can't! The drive is encrypted and you haven't had an opportunity to unlock it. Fortunately I had a second admin account with it's home area on the boot dive, so I was able to login, unlock the home volume and go back into my main user account.

This would be a total PITA to do everytime you startup the computer, fortunately I found a script that unlocks the second HDD on startup for you. it's here if you need it https://github.com/jridgewell/unlock
install instructions
https://github.com/jridgewell/Unlock/blob/master/README.md
Click to expand...

Yeah this is a bit of a pain, though it is only an issue if you have moved your home to the other drive, if you just want to have other drives encrypted for storing data on there isn't a problem as you can unlock them at login.
 
Or you can just transfer the content of that drive to another and format it as an encrypted FV2 volume then move your stuff back

yetanotherdave said:
The only issue I had was that I have a dual HDD system, FV2 only wants to encrypt the boot drive, which is useless if you have all your data (home area) on the non boot drive!
You can use FV2 to encrypt the second drive, but you have to do it from the command line.
The problems then start when you try and boot and login after encrypting your data volume, you can't! The drive is encrypted and you haven't had an opportunity to unlock it. Fortunately I had a second admin account with it's home area on the boot dive, so I was able to login, unlock the home volume and go back into my main user account.

This would be a total PITA to do everytime you startup the computer, fortunately I found a script that unlocks the second HDD on startup for you. it's here if you need it https://github.com/jridgewell/unlock
install instructions
https://github.com/jridgewell/Unlock/blob/master/README.md
Click to expand...
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back