Most of us keep lots of sensitive personal data stored on our Macs. If your Mac is stolen or lost, the last thing you’d want someone else to have is access to all that data. FileVault is the name Apple gives its features which encrypt stored data, so that no one else can gain access to it.
Intel Macs without T2 chips
Since Mac OS X 10.3, when Apple released the first version of FileVault, you’ve been able to encrypt some of the contents of internal storage. In what’s now often referred to as FileVault 1 or Legacy FileVault, only Home folders were encrypted into a sparsebundle. These caused problems with Time Machine backups, and have proved comparatively easy to crack. Even on old Macs, you shouldn’t assume that FileVault 1 provides any significant protection to your data.
FileVault 2 was introduced in Mac OS X 10.7, and provides whole-volume encryption based on the user password. Encryption is performed using the XTS-AES mode of AES with a 256-bit key, by the CPU. All recent Intel processors have instructions to make this easier and quicker, but all data written to an encrypted volume has to be encrypted before it’s written to disk, and all data read from it has to be decrypted before it can be used. This imposes significant overhead of around 3%, which is more noticeable on slower storage such as hard disks, and with slower Macs.
Turning FileVault on and off is quite a pain, as the whole volume has to be encrypted or decrypted in the background, a process which takes many hours or even days. Most users try to avoid doing this too often as a result, so, while FileVault is secure and effective, it isn’t as widely used as it should be.
T2 and M1 hardware encryption
One of Apple’s goals in adding the T2 chip to Intel Macs, and in the design of Apple Silicon chips like the M1 series, is to make encrypted volumes the default. To achieve that, T2 and M1 chips incorporate secure enclaves and perform encryption and decryption in hardware, rather than using CPU cycles.
The T2 chip acts as the storage controller for the internal SSD, so all data transferred between the Intel processor and SSD passes through an encryption stage in the T2’s hardware. All Macs with T2 chips, with the exception of the Mac Pro 2019, have internal storage which is soldered into place to make its removal challenging. The Mac Pro 2019 has replaceable internal SSDs, but following replacement new internal storage has to be initialised against that Mac’s T2 chip using Apple Configurator 2.
When FileVault is disabled, data on protected volumes is still encrypted using a volume encryption key (VEK), which is protected by a hardware key and a xART key used to protect from replay attacks. When FileVault is enabled, the same VEK is used, but it’s protected by a key encryption key (KEK), and the user password is required to unwrap that KEK, so protecting the VEK which is used to perform encryption/decryption. This means that the user can change their password without the volume having to be re-encrypted, and allows the use of special recovery keys in case the user password is lost or forgotten. To protect these keys, they are handled in a secure enclave in T2 and M1 chips. On Intel Macs, they never leave the T2 chip, so are never exposed to the Mac’s Intel processor.
Securely erasing an encrypted volume, also performed when ‘erasing all content and settings’, results in the secure enclave deleting its VEK and the xART key, which renders the residual volume data inaccessible even to the secure enclave itself. This ensures that there is no need to delete or overwrite any residual data from an encrypted volume: once the volume’s encryption key has been deleted, its previous contents are immediately unrecoverable.
Coverage of boot volumes by encryption varies according to the version of macOS. Prior to macOS Catalina, where macOS has a single system volume, the whole of that is encrypted; in Catalina, both System and Data volumes are encrypted; in Big Sur and later, the Signed and Sealed System Volume (SSV) isn’t encrypted, nor are Recovery volumes, but the Data volume is.
Hardware encryption and FileVault’s ingenious tricks aren’t available for external disks, but APFS was designed to incorporate software encryption from the outset. As with internal SSDs, the key used to encrypt the volume contents isn’t exposed, but accessed via a series of wrappers, which enables the use of recovery keys if the user password is lost or forgotten. This involves a KEK and VEK in a similar manner to FileVault on internal SSDs. As the file system on the volume is also encrypted, after the KEK and VEK have been unwrapped, the next task in accessing an encrypted volume is to decrypt the file system B-tree using the VEK.
Various makes and models of external storage offer their own hardware encryption. For example, many SSDs have a whole-disk encryption option, although macOS doesn’t give ready access to such device-specific features. Storage which isn’t specifically designed to meet recognised security standards should be treated with great suspicion: several specialist assessments of general-purpose SSDs have found vulnerabilities in their encryption. Unless you’re prepared to purchase external storage which is specifically designed and certified to provide robust hardware encryption, such as iStorage products, you’re better off using FileVault with its encrypted APFS volumes.
- On T2 and M1 Macs, enable FileVault, as it provides robust protection of the Data volume on internal storage, without performance penalty.
- On Intel Macs without a T2 chip, make an informed decision on FileVault.
- Don’t forget to use FileVault on external storage, where needed.
- Don’t trust whole-disk encryption on external disks unless it’s designed and certified to provide robust hardware encryption.
- FileVault provides an instant and highly effective way to securely erase your data.