
Volume encryption with FileVault in macOS
Mac computers offer FileVault, a built-in encryption capability, to secure all data at rest. FileVault uses the AES-XTS data encryption algorithm to protect full volumes on internal and removable storage devices.
FileVault on a Mac with Apple silicon is implemented using Data Protection Class C with a volume key. On a Mac with Apple silicon and a Mac with an Apple T2 Security Chip, encrypted internal storage devices directly connected to the Secure Enclave leverage its hardware security capabilities as well as that of the AES Engine. After a user turns on FileVault on a Mac, their credentials are required during the boot process.
For Mac computers:
Prior to those with a T2 chip
With internal storage that didn’t originally ship with the Mac
With attached external storage
After FileVault is turned on, all existing files and any further data written are encrypted. Data that was added and then deleted before turning on FileVault isn’t encrypted and may be recoverable with forensic data recovery tools.
Internal storage with FileVault turned on
Without valid login credentials or a cryptographic recovery key, the internal APFS volumes remain encrypted and are protected from unauthorized access even if the physical storage device is removed and connected to another computer. In macOS 10.15, this includes both the system volume and the data volume. In macOS 11 or later, the system volume is protected by the signed system volume (SSV) feature, but the data volume remains protected by encryption. Internal volume encryption on a Mac with Apple silicon as well as those with the T2 chip is implemented by constructing and managing a hierarchy of keys, and builds on the hardware encryption technologies built into the chip. This hierarchy of keys is designed to simultaneously achieve four goals:
Require the user’s password for decryption
Protect the system from a brute-force attack directly against storage media removed from Mac
Provide a swift and secure method for wiping content via deletion of necessary cryptographic material
Enable users to change their password (and in turn the cryptographic keys used to protect their files) without requiring reencryption of the entire volume

On a Mac with Apple silicon and those with the T2 chip, all FileVault key handling occurs in the Secure Enclave; encryption keys are never directly exposed to the CPU. All APFS volumes are created with a volume encryption key by default. Volume and metadata contents are encrypted with this volume encryption key, which is wrapped with a key encryption key (KEK). The KEK is protected by a combination of the user’s password and hardware UID when FileVault is turned on.
Internal storage with FileVault turned off
If FileVault isn’t turned on in a Mac with Apple silicon or a Mac with the T2 chip during the initial Setup Assistant process, the volume is still encrypted but the volume encryption key is protected only by the hardware UID in the Secure Enclave.

If FileVault is turned on later—a process that’s immediate because the data has already been encrypted—an anti-replay mechanism helps prevent the old key (based on hardware UID only) from being used to decrypt the volume. The volume is then protected by a combination of the user password with the hardware UID as previously described.
Deleting FileVault volumes
When deleting a volume, its volume encryption key is securely deleted by the Secure Enclave. This helps prevent future access with this key even by the Secure Enclave. In addition, all volume encryption keys are wrapped with a media key. The media key doesn’t provide additional confidentiality of data; instead, it’s designed to enable swift and secure deletion of data because without it decryption is impossible.
On a Mac with Apple silicon and a Mac with the T2 chip, the media key is guaranteed to be erased by technology supported by the Secure Enclave, for example in response to remote device management commands. Erasing the media key in this manner renders the volume cryptographically inaccessible.
FileVault recovery
macOS offers an additional password recovery option if a user has lost their account password. When FileVault is turned on, a recovery key is generated. The recovery key is a sequence of 24 random numbers and letters. It can be viewed in System Settings under Privacy & Security > FileVault, and is stored in the keychain so that it can be retrieved using the Passwords app. Additional recovery key considerations are:
When using iCloud Keychain, the recovery key is securely synchronized along with other user passwords.
When not using iCloud, the user is presented with the FileVault recovery key, which should be stored in a safe location.
The recovery key can be used in recoveryOS or at the Login Window when pressing Shift-Option-Return instead of the user password to unlock FileVault.
On managed Mac computers, the organization’s device management service can optionally escrow the key. For more information, see Managing FileVault in macOS.
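The following Python script is an added example, not Apple's code and not part of the Platform Security Guide. It models the key hierarchy described in the "Internal storage with FileVault turned on", "Internal storage with FileVault turned off", "Deleting FileVault volumes" and "FileVault recovery" sections: data sealed under a volume encryption key (VEK), the VEK wrapped under a key encryption key (KEK) derived from the user's password plus the hardware UID, a second KEK derived from a 24-character recovery key, and every wrapping placed under a media key whose destruction is the cryptographic erase. Every cryptographic primitive is a stand-in, chosen so the script runs on the Python standard library alone: an HMAC-SHA256 counter-mode stream with an HMAC tag replaces AES-XTS and AES key wrapping, PBKDF2 replaces the Secure Enclave's own key derivation, the hardware UID is a random in-memory secret, and the anti-replay mechanism that retires the UID-only wrapping is modelled only by deleting that wrapping. The names `Volume`, `seal`, `unseal`, `derive_kek`, `new_recovery_key` and `can_unlock` are my own, and the dash grouping of the recovery key is an assumption about presentation, not something the page states.

```python
import hashlib
import hmac
import os
import secrets
import string

ITERATIONS = 100_000  # PBKDF2 cost; a software stand-in for the Secure Enclave's own derivation


class Locked(Exception):
    """A wrapped key could not be unwrapped: wrong secret, wrong hardware UID, or erased media key."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC subkeys so one key is never used for both roles.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption standing in for AES-XTS / AES key wrap: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(expected, tag):
        raise Locked("tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


def derive_kek(secret: bytes, hardware_uid: bytes, salt: bytes) -> bytes:
    """KEK from a user secret plus the hardware UID: the right password on another Mac derives nothing useful."""
    return hashlib.pbkdf2_hmac("sha256", secret, hardware_uid + salt, ITERATIONS)


def new_recovery_key() -> str:
    """24 random uppercase letters and digits (the length the page states); the dash grouping is an assumption."""
    raw = "".join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(24))
    return "-".join(raw[i:i + 4] for i in range(0, 24, 4))


class Volume:
    """Data sealed under a VEK; the VEK wrapped under one KEK per unlock path; every wrap under the media key."""

    def __init__(self, hardware_uid: bytes, password=None):
        self.media_key = os.urandom(32)
        self.salt = os.urandom(16)
        self.blobs = {}   # name -> data sealed under the VEK
        self.wraps = {}   # unlock path -> media-key-wrapped, KEK-wrapped copy of the VEK
        self.recovery_key = None
        vek = os.urandom(32)  # never stored in clear; only recoverable by unwrapping
        # FileVault off: the VEK is protected by the hardware UID alone (empty user secret).
        self.wraps["uid"] = self._wrap(vek, derive_kek(b"", hardware_uid, self.salt))
        if password is not None:
            self.enable_filevault(password, hardware_uid)

    def _wrap(self, vek: bytes, kek: bytes) -> bytes:
        return seal(self.media_key, seal(kek, vek))

    def unlock(self, secret: str, hardware_uid: bytes) -> bytes:
        """Recover the VEK from any wrapping that opens with this secret and this Mac's UID."""
        kek = derive_kek(secret.encode(), hardware_uid, self.salt)
        for blob in self.wraps.values():
            try:
                return unseal(kek, unseal(self.media_key, blob))
            except Locked:
                continue
        raise Locked("no wrapping of the VEK opens with this secret and UID")

    def enable_filevault(self, password: str, hardware_uid: bytes) -> str:
        """Immediate: the data is already encrypted, so only the VEK is rewrapped under new KEKs."""
        vek = self.unlock("", hardware_uid)
        self.wraps["password"] = self._wrap(vek, derive_kek(password.encode(), hardware_uid, self.salt))
        self.recovery_key = new_recovery_key()
        self.wraps["recovery"] = self._wrap(vek, derive_kek(self.recovery_key.encode(), hardware_uid, self.salt))
        del self.wraps["uid"]  # the UID-only wrap must stop working; the real anti-replay mechanism is not modelled
        return self.recovery_key

    def change_password(self, old: str, new: str, hardware_uid: bytes) -> None:
        """Rewraps the VEK only; self.blobs is untouched, so the volume is not re-encrypted."""
        vek = self.unlock(old, hardware_uid)
        self.wraps["password"] = self._wrap(vek, derive_kek(new.encode(), hardware_uid, self.salt))

    def write(self, vek: bytes, name: str, data: bytes) -> None:
        self.blobs[name] = seal(vek, data)

    def read(self, vek: bytes, name: str) -> bytes:
        return unseal(vek, self.blobs[name])

    def erase(self) -> None:
        """Cryptographic erase: destroying the media key leaves every wrap of the VEK unusable."""
        self.media_key = bytes(32)


def can_unlock(volume: Volume, secret: str, hardware_uid: bytes) -> bool:
    try:
        volume.unlock(secret, hardware_uid)
        return True
    except Locked:
        return False
```

Walking through the model reproduces the four goals listed above: `unlock` needs the password (or recovery key) once `enable_filevault` has retired the UID-only wrapping; the correct password presented with a different `hardware_uid`, which is what an attacker holding only the removed storage has, derives the wrong KEK and fails; `erase` makes every path fail at the media-key layer without touching the sealed data; and `change_password` leaves `volume.blobs` byte-for-byte unchanged because only the KEK wrapping of the VEK is replaced.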
Removable storage devices
Encryption of removable storage devices doesn’t utilize the security capabilities of the Secure Enclave and instead is performed in the same manner as an Intel-based Mac without the T2 chip.