I noticed the progress bar that quickly fills after you enter your login password after you reboot. I don’t think I saw that on my Mac Mini M1 by default. Did Apple turn on Filevault by default on the Mac Studio? If it is just a desktop PC in your home, is there any harm in turning it off? Thanks.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Is Filevault on by default on the Mac Studio?
- Thread starter Avenger
- Start date
- Sort by reaction score
I NEVER use FileVault (M1 MBA) - I don't need the extreme level of security.
However, I tested FileVault, and it took less than 10 seconds to decrypt.
Good catch! Indeed, File Vault was on at my Mac Studio. I turned it off and now I finally don’t see that progress bar anymore. But I have the same issue with my MacBook Pro. So I will check tomorrow if FileVault is on there too.
Thanks a ton!
Thanks a ton!
For what it's worth, I really don't see any benefit in disabling it. The only difference is more security with it on and that can never hurt, right?
Unless you might need to restore files from the SSD if your machine breaks. I never use filevault or the Windows version just incase. It really doesn't gain me any more security anyway.
This isn’t possible on newer Macs. The disk is always encrypted on Apple Silicon Macs (and on Intel Macs with the T2 chip) even if you don’t use FileVault. So if your Mac is broken, your SSD will be unreadable on another machine anyway because you won’t have the key that’s stored in the Secure Enclave to unlock it. (With that in mind, I hope you are backing up your files to a secondary location often, because the data is unrecoverable if your Mac breaks.)
Since the disk is always encrypted, this also explains why FileFault turns on or off quickly compared to older Macs. It doesn’t have to encrypt an already encrypted disk when turning it on, nor will it be decrypted when turning it off.
These articles explain it more detail, and why you might want to leave FileVault on.
How FileVault and the T2 Security Chip work together in newer Macs
Macs with a T2 chip always encrypt their drives. Why is FileVault necessary?rn
www.macworld.com
Modern Macs Still Need FileVault
If you buy a modern Mac in 2020, it is going to come with a special physical component called the Secure Enclave. This component enables Apple to carry over many popular iOS features which require extra hardware security like Touch ID and Apple Pay to the Mac.
www.kolide.com
Last edited:
For backups, I have over 40TB of backups, 3+ versions of everything. I'm an IT guy, I know the necessity of redundant backups.
Interesting article, thanks, I stand corrected on encryption. A firmware password would probably be just as good as filevault from getting info off the disk.
I still wont use filevault personally, because I can do the same thing as this article says if the computer is still somewhat functional. There's always a gap between creating some data and when it gets backed up, and I might need that. I don't really have anything stored that I would consider as needing to be secure on my mac's.
In another thread, it was mentioned that if users skip the Monterey update until after the initial setup, then FireVault does not enable.
FileVault is very fast on Macs with Apple chips like T2 and M1 series. Just turn it on.
FileVault never enables by itself. It’s a user setting to turn it on and allow your account password to unlock the drive. But the drive is always encrypted. That cannot be turned off.
Sorry, I meant to say that it enabled if the user selected to update before the initial setup.
I deferred the 12.3 update until after setup. FileVault was already turned on.
If File Vault was an option during installation, it appears that a lot of people missed it. I realised that it was on when I set up Time Machine and got a pop-up screen saying that my Time Machine drive wasn't encrypted 
Here's why I'm not enabling FileVault:
- All my personal info is in an encrypted container that mounts on boot when I login to my account. If the machine is shutdown to do the targeted disk mode attack, the encrypted container would be unmounted and the files inaccessible
- My M1 (Studio) doesn't have a disk that can be removed, but even if it did, the T2 encryption would prevent read it.
- I have a very strong login password and the Guest account is disabled.
- If my Mac is stolen, I want them to boot it up and try to use it. That way, Find My Mac will know where it is.
During the migration from my 2019 i9 iMac (in target disk mode because MA would only use peer to peer wifi) to the Studio Max, I had to stop the migration because I had an urgent need to use the iMac.
Upon exiting the TDM by shutting down the iMac, it would no longer re-start. Much tinkering and trying a million things resulted in the outcome that FileVault somehow got corrupted - I got strange server errors and iCloud could no longer provide the key.
Fortunately, I had 99% of the iMac backed up and thus was able to restore from TimeMachine instead. Lesson learned. Before doing a migration, backup your data, turn off FileVault, and have lots of patience. My impatience always get the best of me...
Upon exiting the TDM by shutting down the iMac, it would no longer re-start. Much tinkering and trying a million things resulted in the outcome that FileVault somehow got corrupted - I got strange server errors and iCloud could no longer provide the key.
Fortunately, I had 99% of the iMac backed up and thus was able to restore from TimeMachine instead. Lesson learned. Before doing a migration, backup your data, turn off FileVault, and have lots of patience. My impatience always get the best of me...
As has been said above, all modern Macs with either M1 or T2 already have their drives encrypted. On the Intel Macs with T2 you can still set a firmware password to prevent target disk mode with file vault turned off. On the M1 Macs, there is no firmware password and FileVault must be enabled to prevent target disk mode from being accessed.
For remote access, the T2 Intel Macs were ideal, because with a firmware password set, target disk mode could not be used to steal data, but access to the system would still be available remotely after a reboot with FileVault turned off.
Unfortunately, the M1 Macs no longer have a firmware password, so FileVault must be turned on to prevent access to target disk mode - which also has the negative side effect of needing to login at the keyboard after a reboot making remote access a bigger challenge.
For remote access, the T2 Intel Macs were ideal, because with a firmware password set, target disk mode could not be used to steal data, but access to the system would still be available remotely after a reboot with FileVault turned off.
Unfortunately, the M1 Macs no longer have a firmware password, so FileVault must be turned on to prevent access to target disk mode - which also has the negative side effect of needing to login at the keyboard after a reboot making remote access a bigger challenge.
Never had FileVault turned ON in any of my macs. On the Mac Studio I didn’t realize that I had it ON until this post. I was having some issues with my monitors not going to sleep after the screen saver time reached the end, the annoying bar after reboot and apps taking long time to start. After turning OFF FileVault, all my issues disappeared and the Mac Studio is flying.