FileVault
FileVault is a feature of Mac OS X / OS X / macOS for encrypting personal data. It has shipped as a standard component of the operating system since Mac OS X Panther (10.3, 2003).
First-generation FileVault encrypted only the user's home directory; no other data was covered, and data inside the home directory cannot be excluded from encryption. Applications can nevertheless be encrypted as well if a per-user Applications folder is created in the home folder and used instead of the global Applications folder.
With the introduction of Mac OS X Lion (10.7, 2011), the new version, FileVault 2, also supports full-disk encryption; the cipher mode was changed to XTS-AES 128. In addition, encryption now takes place on the fly, so the Mac can continue to be used while the disk is being encrypted, as is also common with other disk-encryption software.
Storage format
Since Mac OS X Leopard (10.5, 2007), first-generation FileVault has used a sparse bundle disk image that grows as needed; the user's data is stored in it, and it is transparently mounted as the home directory when the user logs in. When the user logs out, the sparse bundle is compacted and, if configured, backed up with Time Machine.
Up to and including Mac OS X Tiger 10.4.11 (2007), FileVault used an encrypted sparse disk image; from version 10.4.7 (2006) onward this took a modified form that improved data safety and stability in the event of a system crash (the encryption header is stored at the end of the sparse disk image instead of at the beginning). The switch to the sparse bundles mentioned above improved data safety further; sparse bundles also allow fast access to the data and enable differential backups with Time Machine.
The main difference between a sparse image and a sparse bundle is how the encrypted disk data is stored. A sparse image stores it as a single file. A sparse bundle splits the underlying virtual disk into 8 MB parts (so-called bands); this is transparent to the user. When upgrading from an older system version to Mac OS X Leopard (10.5, 2007), the existing image format is retained; to use the new sparse bundle format, FileVault must be deactivated and reactivated for the user account.
FileVault 2 no longer uses a sparse bundle but is based on the Core Storage logical volume manager.
Backup with Time Machine
To use FileVault 1 with Time Machine, the user must not be logged in at the time of the backup. The sparse file's data is then copied during the backup, which preserves its integrity.
With a sparse image the entire file has to be copied, whereas with a sparse bundle only the changed bands (the 8 MB blocks) are copied, which significantly shortens the backup.
These restrictions no longer apply with FileVault 2, as of Mac OS X Lion (10.7, 2011).
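As an added illustration (not part of the original article, and not Apple's or Time Machine's own code), the following Python script models why the band layout described in the sections above makes differential backups cheap: it splits a constructed virtual disk into bands, hashes each materialised band, and reports which bands a backup has to copy compared with re-copying a single-file sparse image. It is a simplified model: real Time Machine selects files by filesystem metadata rather than content hashes, the bytes here stand in for the already-encrypted disk contents, and the small band size, the sample data and all function names are assumptions made for the demonstration.

```python
import hashlib
from typing import Dict, Iterator, List, Tuple

# Default band size of a macOS sparse bundle as stated in the article (8 MB).
DEFAULT_BAND_SIZE = 8 * 1024 * 1024


def iter_bands(image: bytes, band_size: int) -> Iterator[Tuple[int, bytes]]:
    """Yield (band index, band bytes) for every band that holds data.

    All-zero bands are skipped: this models the 'sparse' property, where
    untouched regions of the virtual disk have no band file on disk.
    """
    for idx, offset in enumerate(range(0, len(image), band_size)):
        band = image[offset:offset + band_size]
        if band.count(0) != len(band):
            yield idx, band


def band_manifest(image: bytes, band_size: int = DEFAULT_BAND_SIZE) -> Dict[int, str]:
    """Map each materialised band index to the SHA-256 of its contents."""
    return {idx: hashlib.sha256(band).hexdigest() for idx, band in iter_bands(image, band_size)}


def changed_bands(old: Dict[int, str], new: Dict[int, str]) -> List[int]:
    """Bands a differential backup must copy: bands that are new or modified."""
    return sorted(idx for idx, digest in new.items() if old.get(idx) != digest)


def removed_bands(old: Dict[int, str], new: Dict[int, str]) -> List[int]:
    """Bands present in the previous backup but gone now (e.g. after compaction)."""
    return sorted(idx for idx in old if idx not in new)


def backup_volume(before: bytes, after: bytes,
                  band_size: int = DEFAULT_BAND_SIZE) -> Tuple[int, int]:
    """Bytes a backup has to move for the same change, as (sparse image, sparse bundle).

    A sparse image is one file, so any change means the whole materialised
    file is copied again; a sparse bundle only needs its changed band files.
    """
    old = band_manifest(before, band_size)
    new = band_manifest(after, band_size)
    sizes = {idx: len(band) for idx, band in iter_bands(after, band_size)}
    image_bytes = 0 if old == new else sum(sizes.values())
    bundle_bytes = sum(sizes[idx] for idx in changed_bands(old, new))
    return image_bytes, bundle_bytes


def build_sample(band_size: int = 4096) -> Tuple[bytes, bytes]:
    """Constructed sample: a six-band virtual disk before and after a user session.

    A 4 KiB band size is used only to keep the sample small; the logic is
    identical for the real 8 MB bands.
    """
    def band(fill: int) -> bytes:
        return bytes([fill]) * band_size

    zero = bytes(band_size)
    # Before: bands 0, 1, 2 and 5 hold data; bands 3 and 4 are unused (sparse).
    before = band(0x41) + band(0x42) + band(0x43) + zero + zero + band(0x46)
    # After the session: band 1 was edited and new data was written into band 3.
    after = band(0x41) + band(0x62) + band(0x43) + band(0x44) + zero + band(0x46)
    return before, after


if __name__ == "__main__":
    band_size = 4096
    before, after = build_sample(band_size)
    old, new = band_manifest(before, band_size), band_manifest(after, band_size)
    print("bands to copy:", changed_bands(old, new))
    print("bands to delete from backup:", removed_bands(old, new))
    img, bundle = backup_volume(before, after, band_size)
    print(f"sparse image copies {img} bytes, sparse bundle copies {bundle} bytes")
```

The model also shows why the scheme works on encrypted data at all: because the disk is encrypted in place with a sector-oriented mode, a small plaintext edit only changes the ciphertext of the affected sectors, so the difference stays confined to the bands that actually contain them rather than spreading across the whole image.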
Security
A study published in 2008 showed that FileVault key material could be recovered from memory by means of a cold boot attack.
External links
- Lecture "Unlocking FileVault 1" at the 23rd Chaos Communication Congress (2006) by Jacob Appelbaum and Ralf-Philipp Weinmann (via Chaosradio)
References
- Mac OS X Lion: About FileVault 2. Apple, September 22, 2011, accessed July 31, 2012.
- J. Alex Halderman et al.: Lest We Remember: Cold Boot Attacks on Encryption Keys. Princeton University, February 2008 (archived from the original on May 14, 2008). Retrieved July 24, 2011.