Using hibernation to secure a Mac with FileVault

FileVault – at least since version 2 released with Lion back in 2011 – is a powerful and effective way to prevent others from accessing anything stored on your disk. Apart from a small boot partition on your startup drive, the rest of the drive is encrypted. With a suitably robust passphrase, all the files on that disk should be effectively secured from anyone – apart, perhaps, from government security agencies – so long as your Mac is shut down.

The snag is that we don’t always shut our Macs down when we leave them, and this is likely to be a more significant problem with Macs on the move – MacBooks, MacBook Airs, and MacBook Pros. By default, when your laptop goes to sleep, the FileVault key is left active, and is even retained when the system goes into standby. This makes it quicker to wake your Mac up, but doesn’t protect its contents completely.

There is a way to improve on this: force your Mac to go from sleep into hibernate (standby) mode, and set that transition to trigger destruction of the FileVault key. Clearly you don’t want that to happen every time your Mac goes to sleep, so the practical approach is to set a delay before it automatically switches from sleep to hibernate, at which point FileVault becomes fully active again and its key is removed from memory.

Although some utilities such as MacPilot, which give detailed access to Power Management settings, may provide a more friendly way to do this, the standard method of setting this up is using the pmset command in Terminal.

As for how you trigger sleep, that is up to you. Jonathan Zdziarski has described an elegant scheme using the Touch Bar on the latest MacBook Pro. If you have a Touch Bar, you can add a sleep button to it using Customize Control Strip in the Keyboard pane. This can then be triggered very quickly, such as when you walk off to get a coffee.

Provided that you return and wake your Mac before it goes into hibernate mode, FileVault will still let you straight back in when you have authenticated with your fingerprint on the Touch Bar.

If someone takes your Mac, or you are delayed, it will automatically go into hibernate mode once the time delay has expired. This removes power from memory, and destroys the FileVault key. When someone tries to wake the Mac now, they will first have to enter the password to unlock FileVault, then authenticate with a fingerprint (or password). Unlike a shutdown, though, the Mac then restores the state it was in when it went to sleep, which is much quicker than starting up after a shutdown.
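As an added example (mine, not the post's and not Jonathan Zdziarski's own commands), here is a small shell script that applies the delayed sleep-to-standby scheme with pmset and, separately, parses the output of `pmset -g` to confirm the key-destroying settings are actually in place. It assumes a Mac with FileVault turned on; the delay of 600 seconds is an arbitrary value you should set to suit your own habits.

```shell
#!/bin/sh
# Added example, not the original post's or Jonathan Zdziarski's own commands.
# Applies the sleep-then-hibernate scheme with pmset and checks `pmset -g`
# output for it. Assumes macOS with FileVault on; apply needs sudo.
MAX_DELAY=600   # seconds a sleeping Mac may keep the FileVault key in RAM

apply_settings() {
    sudo pmset -a destroyfvkeyonstandby 1   # drop the FileVault key on standby
    sudo pmset -a hibernatemode 3           # RAM powered during sleep, image on disk
    sudo pmset -a standby 1                 # let sleep progress to standby
    sudo pmset -a standbydelay "$MAX_DELAY" # seconds of sleep before standby
    sudo pmset -a powernap 0                # no scheduled wake-ups while asleep
}

# check_settings TEXT: parse `pmset -g` style lines ("key value" per line) and
# return 0 only when every setting the scheme relies on is in place.
check_settings() {
    destroy=0 standby=0 mode=0 delay=unset rc=0
    while read -r key value rest; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # some keys print in mixed case
        case "$key" in
            destroyfvkeyonstandby) destroy=$value ;;
            standby)               standby=$value ;;
            hibernatemode)         mode=$value ;;
            # newer macOS splits the delay into standbydelaylow/standbydelayhigh
            standbydelay|standbydelaylow|standbydelayhigh)
                [ "$delay" = unset ] || [ "$value" -gt "$delay" ] && delay=$value ;;
        esac
    done <<EOF
$1
EOF
    [ "$destroy" = 1 ] || { echo "destroyfvkeyonstandby is $destroy, want 1"; rc=1; }
    [ "$standby" = 1 ] || { echo "standby is $standby, want 1"; rc=1; }
    case "$mode" in 3|25) ;; *) echo "hibernatemode is $mode, want 3 or 25"; rc=1 ;; esac
    if [ "$delay" = unset ]; then
        echo "no standbydelay setting found"; rc=1
    elif [ "$delay" -gt "$MAX_DELAY" ]; then
        echo "standby delay is ${delay}s, want at most ${MAX_DELAY}s"; rc=1
    fi
    return $rc
}

case "${1:-}" in
    apply) apply_settings ;;
    check) check_settings "$(pmset -g)" ;;
esac
```

Run it as `sh secure-sleep.sh apply` to set the scheme up, and `sh secure-sleep.sh check` afterwards (or on any Mac you are auditing) to have it report which settings would still leave the key in memory.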

If you are tempted to set this up on your Mac – even if it does not have the convenience of the Touch Bar – Jonathan Zdziarski provides all the commands and instructions necessary.

I’ll be taking a look at the pmset command here very soon, so that you will be able to devise your own schemes and implement them.