Infrastructure // PC & Servers
02:10 AM
Connect Directly
Repost This

How To Set Up Whole Disk Encryption In OS X 10.7 Lion

OS X Lion's FileVault feature is overhauled and now allows whole disk encryption.

One of the most valuable and significant changes Apple made to OS X Lion 10.7 is its overhaul of FileVault.

The OS X 10.6 version of FileVault protected just private data like pictures, email messages and other documents -- and only inside an encrypted home folder. Now, in Lion, FileVault2 enables full-disk encryption. This is an important improvement because it means FileVault is encrypting the entire file system -- not just a folder. For IT and tech pros, this addresses most of the security concerns around FileVault and Macs in the enterprise.

FileVault2 uses full disk, XTS-AES 128 encryption to keep your data secure. It is also quite easy to use. Mac users can toggle it off and on. It encrypts in the background and works seamlessly.

To use FileVault2, open System Preferences. Click Security & Privacy.

Click the padlock to unlock the Security & Privacy preferences.

Enter your user name and password -- you'll need administrative rights on the Mac you're encrypting.

Click on the FileVault tab.

Click on Turn On FileVault.

Your Mac will display your recovery key. This is important – make a copy of it and keep it secure.

Select whether to store your recovery key on Apple’s servers. Declining means you'd better hang onto that key. Better to accept and let Apple help you recover your data should you lose the key.

Select Store the Recovery key with Apple and hit Continue. The system next asks three security questions.

Here are the available questions.

Fill in all three. Click Continue.

The process requires a restart. Select that here.

The process takes a while. Grab a snack or keep working -- FileVault will encrypt as a background process.

Once FileVault is finished, you will see the message saying that encryption is finished.

The entire process took approximately an hour to complete on my 13-inch MacBook Air with a 256GB SSD drive. I worked on this piece while it encrypted. I looked but didn't notice any significant impact on available free disk space on my boot drive.

The only noticeable change is that the Mac now shows a new boot screen on restart. That's how you know FileVault is working. You'll always log in with user ID and password to get past this point.

Apple really got this right. FileVault2 works smoothly. I log in only once at this new screen and I’m immediately presented with my Finder desktop. You won't ever be sorry you used FireVault, but it's easy to imagine regretting you didn't.

Based in Houston, David Martin is a technologist at BYTE. Follow him @David_W_Martin or email him at

Comment  | 
Print  | 
More Insights
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.