Page 1 of 2

Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Sun Jun 21, 2015 7:30 pm
by ObtuseMoose
Years ago, Apple introduced FileVault on Mac OS X (10.3 IIRC), which encrypted your home folder for security in case your laptop was lost or stolen. Pretty much everyone agrees that it was an unmitigated disaster: it was slow and prone to failure, locking you out of your own files. So much so that it earned the nickname VileFault.

However, starting with Mac OS X 10.7 (Lion), Apple released FileVault 2, which is supposedly much improved. It encrypts the entire disk and the consensus seems to be that while it does impact disk read/write performance, the impact is quite small. The impact on CPU utilization is negligible because it takes advantage of the encryption hardware built into the Intel i5 and i7 CPUs.

So my question is: does anyone here run Live 9 on a Mac with FileVault 2 enabled? If so, do you notice any problems?

Ableton's answer to such a question in their online help is that while they haven't officially tested usage with FileVault 2, they also haven't received any reports of problems.

--
Moose

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Sun Jun 21, 2015 9:12 pm
by Quez
works fine for me (SSD here - not HDD)

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Sun Jun 21, 2015 10:37 pm
by hacktheplanet
FileVault 2 works nicely and the performance hit is almost unnoticable. 99.9% of the time there are no problems. KEEP YOUR RECOVERY KEY. 0.1% of the time it does something weird and fails to properly unlock your disk at boot. It's extremely rare, and I've only see such issues twice in two years among the 30 or so Macs I support at my day job.

It won't hurt to get comfortable with the command line in case FileVault takes a shit and you need to use the various recovery tools to decrypt your drive so it will boot properly or to recover your data.

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Mon Jun 22, 2015 3:08 am
by oblique strategies
hacktheplanet wrote:It won't hurt to get comfortable with the command line in case FileVault takes a shit and you need to use the various recovery tools to decrypt your drive so it will boot properly or to recover your data.
Any resources or links you can recommend for the proper terminal commands?

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Mon Jun 22, 2015 2:49 pm
by ObtuseMoose
Thanks for the replies, folks. My understanding is that it's easy to turn FileVault off and have it decrypt everything if it causes problems, so I'll give it a try.
hacktheplanet wrote:It won't hurt to get comfortable with the command line in case FileVault takes a shit and you need to use the various recovery tools to decrypt your drive so it will boot properly or to recover your data.
I'm very comfortable with command line usage, but don't know about anything specific to recovering from FileVault issues and haven't researched it (yet). I'll echo Oblique's question: if you have any links to useful info about recovering from FileVault issues within easy reach, I'd be grateful to hear about them.

--
Moose

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Mon Jun 22, 2015 3:35 pm
by steko

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Mon Jun 22, 2015 4:18 pm
by H20nly
*bookmark*

:idea:

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Tue Jun 23, 2015 12:06 am
by oblique strategies
Thanks for all the info! :)

Now to wade through it...

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Tue Jun 23, 2015 7:51 am
by fishmonkey
personally i wouldn't use whole disk encryption unless you really need everything protected. there is a performance hit and an increased chance of losing the whole disk to corruption.

if you only have a small amount of sensitive data, i would recommend using an encrypted disk image. you can use something like Knox to make them easy to manage:

https://agilebits.com/knox

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Wed Jun 24, 2015 12:34 am
by hacktheplanet
Steko dropped a nice little link bomb. Good explanations on all dem pages.

Basically you option boot to a recovery partition, then open a terminal to do stuff.
As described in steko's links, fdesetup is the utility you want. You can do man fdesetup at the cli to see everything, and you can also check it here: https://developer.apple.com/library/mac ... tup.8.html

If you get bit by any of the incredibly rare FV2 issues, I offer phone support for $50/hour, 1 hr minimum. :D
fishmonkey wrote:if you only have a small amount of sensitive data, i would recommend using an encrypted disk image. you can use something like Knox to make them easy to manage:

https://agilebits.com/knox
This is also a good idea. Encryption is fucking important these days.

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Wed Jun 24, 2015 12:53 am
by fishmonkey
hacktheplanet wrote: If you get bit by any of the incredibly rare FV2 issues, I offer phone support for $50/hour, 1 hr minimum. :D
incredibly rare? based on what statistics?

anything encrypted is by nature more vulnerable to corruption. even a small amount of corruption can turn the whole lot into useless gobbledegook...

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Wed Jun 24, 2015 1:32 am
by ObtuseMoose
Thanks, Steko for that list of links and hacktheplanet for confirming fdesetup is the relevant utility.

Fishmonkey, up to now (or actually, sometime in the near future), I have been using individual encrypted disk images for storing sensitive documents. However, for a variety of reasons, that's becoming increasingly burdensome, so I'm investigating FV2.

Of course, the better plan is to have a separate machine dedicated to music so there's nothing sensitive on it. (Well, except for my bad compositions. If they ever got out, I'd probably die of embarrassment :-) ) But that's not feasible right now.

Thanks again for all the helpful responses.

--
Moose

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Wed Jun 24, 2015 2:53 pm
by steko

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Sat Jun 27, 2015 4:44 pm
by hacktheplanet
Just my experiences. At work I manage ~30ish Macs. Since I deployed FV2 last year, I've seen 2 issues where the disk wouldn't unlock properly at boot and I had to do recovery.

Re: Live 9 with Mac OS X FileVault2 disk encryption?

Posted: Sat Jun 27, 2015 6:49 pm
by H20nly
2 out of 30, that's not great odds. Any idea what other factors, if any, may have contributed?