I have seen a number of posts that say that "when a FileVault user is logged in, the user's files are not encrypted", and that one should log out to encrypt them again.
This conflicts with how I thought FileVault would work. I assumed it operates at the level of the disk driver -- that it enables a driver that decrypts the data as it reads it from disk into memory. In this approach, the data on disk is always encrypted, but any program that asks for the data (and has permissions) will receive the unencrypted data.
It is a big difference... In the scheme where all the data is decrypted on login, all one needs to do is power off the machine while the user is logged in, and the data will now be unencrypted on the disk.