This will only work on Macs running Lion – Macs running Snow Leopard or earlier will tell you that they can’t read the disk.Īlso like BitLocker, the new FileVault also offers full volume encryption for any external disks, including Time Machine backup disks – when you plug an external drive into your Mac, the Time Machine dialog box now includes an option to encrypt your drive. If you ever need to connect your hard drive to another Mac (whether through Target Disk Mode or otherwise) to rescue or access data on an encrypted drive, FileVault will allow you to access your data from any Mac running Lion as long as you have either your account password or your encryption key handy – when you plug the disk in, the OS will ask you to unlock it, and once unlocked you can work with the data as you would on an unencrypted drive (you can also unlock the drive manually in Disk Utility). If your Mac’s recovery partition is missing (for one reason or another – the most common reasons for this to happen are setting up Lion on a disk with an exotic partitioning scheme, or using a disk imaging program that doesn’t capture the recovery partition), FileVault will simply error out and tell you to reformat your hard drive, where Windows will offer to repartition your drive for you. In the first of our BitLocker comparisons, it’s worth noting that BitLocker uses a small, unencrypted system partition to perform similar checks. Once the OS does load, you’ll automatically be logged in as the user who unlocked the computer – you won’t need to login twice. When cold booting, a FileVault-encrypted Mac uses the recovery partition we talked about earlier as a bootloader, since the main OS is now on an encrypted volume – you have to use the credentials of an approved user account to login before any OS files load. This, of course, is how the technology is supposed to work, but it’s important that you know it was designed with no backdoor – you get in with your account’s password or your encryption key, or you don’t get in at all. If you lose the key, forget your account password, and either neglect to store your key with Apple or forget the answers to any of your security questions, your data is gone. Losing this key and forgetting your local account’s password can be remedied if you chose to store your recovery key with Apple, who will give it back to you if you can properly answer three security questions they asked you when you setup FileVault. Click Turn on Filevault, and the Mac will generate a 24-digit recovery key that you can use to unlock or decrypt your hard drive in the event that you forget your account password. Note that FileVault isn’t, strictly speaking, full disk encryption, so any other partitions on your Mac are not encrypted unless you reformat them separately, and non-Lion partitions (a Windows or Snow Leopard partition, for example) cannot be protected by the new FileVault.įileVault can still be found in the Security & Privacy System Preference pane. Where the old FileVault would just encrypt a given user’s home folder by encapsulating it in an encrypted DMG disk image, it would leave the rest of the hard drive (all applications, system files, and unencrypted user accounts) unencrypted and potentially vulnerable.įileVault in Lion makes the switch to volume encryption – the implementation is similar in many ways to the BitLocker drive encryption that ships with the Ultimate and Enterprise editions of Windows 7. FileVault isn’t new to OS X, but the thing called FileVault in Lion is pretty drastically different from the FileVault that was first introduced in 10.3.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |