T2 + Filevault? Pros+Cons? Any performance hit?

Discussion in 'MacBook Pro' started by RumorConsumer, Jun 14, 2019.

  1. RumorConsumer macrumors 6502a

    RumorConsumer

    Joined:
    Jun 16, 2016
    #1
    Hey there!
    So my new Macbook Pro 2019 has a T2 chip in it which hardware binds my built in SSD to the chip. Cool.

    I also have the option to turn on Filevault.

    I know it does the algorithm in hardware. Has anybody benchmarked the difference between file vault on or off on these units? Would it mean I simply couldn't target disk mode the machine without entering the password?
     
  2. Thysanoptera macrumors 6502a

    Joined:
    Jun 12, 2018
    Location:
    Pittsburgh, PA
    #2
    FileVault on or off is exactly the same. The disk is always encrypted, enabling FileVault is nothing more than password requirement before decryption. With FileVault off the disk will be automatically decrypted on boot up.
     
  3. RumorConsumer thread starter macrumors 6502a

    RumorConsumer

    Joined:
    Jun 16, 2016
    #3
    So turning on the toggle for Filevault in Security System Preferences doesn't at all raise the potential for corruption?
     
  4. Thysanoptera macrumors 6502a

    Joined:
    Jun 12, 2018
    Location:
    Pittsburgh, PA
    #4
    Nope, it just stops the machine startup until you type the password. Other than that it is identical.
     
  5. RumorConsumer thread starter macrumors 6502a

    RumorConsumer

    Joined:
    Jun 16, 2016
    #5
    target mode though would prompt for a password before mounting the volume, no? i could just test it i guess.
     
  6. Thysanoptera macrumors 6502a

    Joined:
    Jun 12, 2018
    Location:
    Pittsburgh, PA
    #6
    Yes, you will have to type password before mounting.
     
  7. RumorConsumer thread starter macrumors 6502a

    RumorConsumer

    Joined:
    Jun 16, 2016
    #7
    Interesting. Yeah two layers wouldn't make sense I suppose. So if I turn it on it won't have to go through an encryption process? Would you have it on or off and why? Ive just always steered clear of it before now.
     
  8. NoBoMac macrumors 68020

    NoBoMac

    Joined:
    Jul 1, 2014
    #8
    As @Thysanoptera said, APFS volumes are encrypted, whether or not Filevault is on. Filevault adds another layer of encryption: volume encryption key gets encrypted.

    https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf

     
  9. RumorConsumer thread starter macrumors 6502a

    RumorConsumer

    Joined:
    Jun 16, 2016
    #9
  10. jchap macrumors member

    jchap

    Joined:
    Sep 25, 2009
    #10
    Although perhaps slightly unrelated to this thread, upon reading the documentation mentioned it’s interesting to note that the microphone on Macs with a T2 are hardware-disabled when the lid is closed.

    All Mac notebooks with the Apple T2 Security Chip feature a hardware disconnect that ensures the microphone is disabled whenever the lid is closed. On 13-inch MacBook Pro and MacBook Air computers with the T2 chip, this disconnect is implemented in hardware alone, and prevents any software—even with root or kernel privileges in macOS, and even the software on the T2 chip—from engaging the microphone when the lid is closed.
     
  11. RumorConsumer thread starter macrumors 6502a

    RumorConsumer

    Joined:
    Jun 16, 2016

Share This Page

10 June 14, 2019