This article originally appeared in TidBITS on 2011-11-16 at 5:58 p.m.
The permanent URL for this article is:
Include images: Off

FileVault 2 Hides Data in Plain Sight

by Glenn Fleishman

Apple significantly improved how your Mac’s vital data can be protected in Mac OS X 10.7 Lion by taking the FileVault encryption system that covered only user directories and expanding its scope to full-disk encryption. FileVault 2 encrypts the entire contents of your startup disk (the boot partition, that is). When you start up a Mac with FileVault 2 enabled, you’re actually booting from Lion’s Recovery HD partition; when you enter an account’s login name and password (one you previously enabled as being accessible to the FileVault login), the boot process activates the encryption key used to protect the startup partition, and off you go.

I recently wrote at length about using FileVault 2 [1] for Macworld, detailing the risks involved and how to prepare before turning on encryption. I also explained how to encrypt non-boot partitions and drives using Disk Utility and the command line in Terminal.

After I wrote that article, Apple released Mac OS X 10.7.2, which includes iCloud support and the Find My Mac service. With the help of a commenter, I discovered — and documented in a second article at Macworld [2] — that using FileVault 2 in conjunction with a new Guest User account option at startup could trick a laptop thief into connecting to a Wi-Fi network and revealing the Mac’s location. In fact, just powering up the system will do the trick. In short, Apple has crafted a honey pot to lure thieves into Find My Mac’s net.