FileVault Question

Discussion in 'macOS Mojave (10.14)' started by James Godfrey, Oct 29, 2018.

  1. James Godfrey macrumors 6502

    Joined:
    Oct 13, 2011
    #1
    Hi

    Just wondering if anyone can help, I recently wanted to do a fresh install of Mojave, however, the disc on my MacBook Pro was encrypted with FileVault... which I presumed needed to be enabled so if I was ever to sell my Mac my data would be secure.

    So i restarted with command r, entered disc utility, unlocked the disc and erased then reinstalled MacOS Mojave.

    Once reinstalled, during the set up process it requested the previous password used for the disc as it was encrypted...?? Is this normal behaviour? And if so what would happen if the machine was sold onto a new owner? As obviously they wouldn’t have access to the old password?

    Am I supposed to disable FileVault before restoring the Mac? Would this then make my data vulnerable?

    Any help would be greatly appreciated.
     
  2. Porkchop Sandwich macrumors regular

    Joined:
    Feb 3, 2017
    #2
    What you described is indeed normal. (the system asking for your disk password)

    Before a clean wipe and re-install, turn off fv.
     
  3. chabig, Oct 29, 2018
    Last edited: Oct 29, 2018

    chabig macrumors 603

    Joined:
    Sep 6, 2002
    #3
    You don't have to turn off FileVault to restore your Mac or update the OS. Just give it the password when it asks. You should not give an encrypted drive to someone else when you sell the computer.
     
  4. James Godfrey thread starter macrumors 6502

    Joined:
    Oct 13, 2011
    #4
    Right no problem so just to double check... if I was to sell on my Mac and I turn off FileVault before a restore is my data safe on an SSD as there are no secure erase options?
     
  5. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #5
    When you sell your Mac, follow Apple's instructions: https://support.apple.com/en-us/HT201065

    You will not have to turn off FileVault if you erase and reinstall the OS as Apple suggests (I said otherwise above but I was wrong). Reformatting the drive during installation will leave the drive unencrypted for the buyer.

    Your data is not at risk because it was stored encrypted. If someone were to go look at the low level bits stored there all they will find is encrypted gibberish, with no means to decrypt it. That's why there is no longer a secure erase option--none is needed.
     
  6. James Godfrey thread starter macrumors 6502

    Joined:
    Oct 13, 2011
    #6
    Yeah that’s what I thought, however, when I set the MacBook back up it requested the previous password of the disc as it was previously encrypted... which I presume it would do if it was someone else setting it up for the first time making the MacBook unusable for them.
     
  7. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #7
    I think that Apple's steps should be correct, if followed in order. While you're booted to the recovery partition, you have to provide the FileVault password to unlock the drive before you can erase it. Then when you erase the drive the FileVault keys are discarded, leaving FileVault off and the data irretrievably scrambled.

    Perhaps you reinstalled the OS without actually erasing the drive first. Your accounts and data would still be there, protected by the password.
     
  8. James Godfrey thread starter macrumors 6502

    Joined:
    Oct 13, 2011
    #8
    No I definitely unlocked then erased the drive in DU then reinstalled the macOS seems very strange that it requests the previous password during set up as I presumed it wouldn’t... just got me thinking about when it comes to sell it if it would be an issue for the new owner...
     
  9. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #9
    Well if you ever go to sell the Mac. Reinstall and reboot. If it doesn't ask for the password, you're good. If it does, provide the password, log in, and turn off FileVault. I'd then reinstall once more to be safe.
     
  10. James Godfrey thread starter macrumors 6502

    Joined:
    Oct 13, 2011
    #10
    I have a feeling this may be an extra layer of security that apple has implemented in Mojave maybe as I can’t find anyone online who has ran into this... by apples standards FileVault isn’t created with securing a Mac when selling to a new owner in mind, as an erase of in encrypted disc is enough, I think apple sees FileVault as a way of securing your Mac in the event of theft etc...
     

Share This Page

9 October 29, 2018