How To Set Up Whole Disk Encryption In OS X 10.7 Lion - InformationWeek
Infrastructure // PC & Servers
02:10 AM

How To Set Up Whole Disk Encryption In OS X 10.7 Lion

OS X Lion's FileVault feature is overhauled and now allows whole disk encryption.

One of the most valuable and significant changes Apple made to OS X Lion 10.7 is its overhaul of FileVault.

The OS X 10.6 version of FileVault protected just private data like pictures, email messages and other documents -- and only inside an encrypted home folder. Now, in Lion, FileVault2 enables full-disk encryption. This is an important improvement because it means FileVault is encrypting the entire file system -- not just a folder. For IT and tech pros, this addresses most of the security concerns around FileVault and Macs in the enterprise.

FileVault2 uses full disk, XTS-AES 128 encryption to keep your data secure. It is also quite easy to use. Mac users can toggle it off and on. It encrypts in the background and works seamlessly.

To use FileVault2, open System Preferences. Click Security & Privacy.

Click the padlock to unlock the Security & Privacy preferences.

Enter your user name and password -- you'll need administrative rights on the Mac you're encrypting.

Click on the FileVault tab.

Click on Turn On FileVault.

Your Mac will display your recovery key. This is important – make a copy of it and keep it secure.

Select whether to store your recovery key on Apple’s servers. Declining means you'd better hang onto that key. Better to accept and let Apple help you recover your data should you lose the key.

Select Store the Recovery key with Apple and hit Continue. The system next asks three security questions.

Here are the available questions.

Fill in all three. Click Continue.

The process requires a restart. Select that here.

The process takes a while. Grab a snack or keep working -- FileVault will encrypt as a background process.

Once FileVault is finished, you will see the message saying that encryption is finished.

The entire process took approximately an hour to complete on my 13-inch MacBook Air with a 256GB SSD drive. I worked on this piece while it encrypted. I looked but didn't notice any significant impact on available free disk space on my boot drive.

The only noticeable change is that the Mac now shows a new boot screen on restart. That's how you know FileVault is working. You'll always log in with user ID and password to get past this point.

Apple really got this right. FileVault2 works smoothly. I log in only once at this new screen and I’m immediately presented with my Finder desktop. You won't ever be sorry you used FireVault, but it's easy to imagine regretting you didn't.

Based in Houston, David Martin is a technologist at BYTE. Follow him @David_W_Martin or email him at

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll