Infrastructure // PC & Servers
02:10 AM

How To Set Up Whole Disk Encryption In OS X 10.7 Lion

OS X Lion's FileVault feature is overhauled and now allows whole disk encryption.

One of the most valuable and significant changes Apple made to OS X Lion 10.7 is its overhaul of FileVault.

The OS X 10.6 version of FileVault protected just private data like pictures, email messages and other documents -- and only inside an encrypted home folder. Now, in Lion, FileVault2 enables full-disk encryption. This is an important improvement because it means FileVault is encrypting the entire file system -- not just a folder. For IT and tech pros, this addresses most of the security concerns around FileVault and Macs in the enterprise.

FileVault2 uses full disk, XTS-AES 128 encryption to keep your data secure. It is also quite easy to use. Mac users can toggle it off and on. It encrypts in the background and works seamlessly.

To use FileVault2, open System Preferences. Click Security & Privacy.

Click the padlock to unlock the Security & Privacy preferences.

Enter your user name and password -- you'll need administrative rights on the Mac you're encrypting.

Click on the FileVault tab.

Click on Turn On FileVault.

Your Mac will display your recovery key. This is important – make a copy of it and keep it secure.

Select whether to store your recovery key on Apple’s servers. Declining means you'd better hang onto that key. Better to accept and let Apple help you recover your data should you lose the key.

Select Store the Recovery key with Apple and hit Continue. The system next asks three security questions.

Here are the available questions.

Fill in all three. Click Continue.

The process requires a restart. Select that here.

The process takes a while. Grab a snack or keep working -- FileVault will encrypt as a background process.

Once FileVault is finished, you will see the message saying that encryption is finished.

The entire process took approximately an hour to complete on my 13-inch MacBook Air with a 256GB SSD drive. I worked on this piece while it encrypted. I looked but didn't notice any significant impact on available free disk space on my boot drive.

The only noticeable change is that the Mac now shows a new boot screen on restart. That's how you know FileVault is working. You'll always log in with user ID and password to get past this point.

Apple really got this right. FileVault2 works smoothly. I log in only once at this new screen and I’m immediately presented with my Finder desktop. You won't ever be sorry you used FireVault, but it's easy to imagine regretting you didn't.

Based in Houston, David Martin is a technologist at BYTE. Follow him @David_W_Martin or email him at

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.