About encrypted storage on your new Mac

Learn about encrypted storage on computers that have the Apple T2 chip, and make sure that your data is fully protected.

Mac computers that have the Apple T2 chip integrate security into both software and hardware to provide encrypted-storage capabilities. Data on the built-in, solid-state drive (SSD) is encrypted using a hardware-accelerated AES engine built into the Apple T2 chip. This encryption is performed with 256-bit keys tied to a unique identifier within the chip. 

The advanced encryption technology integrated into the Apple T2 chip provides line-speed encryption, but it also means that if the portion of the chip containing your encryption keys becomes damaged, you might need to restore the content of your drive from a backup. This content includes system files, apps, accounts, preferences, music, photos, movies, and documents.

Always back up your content to a secure external drive or other secure backup location so that you can restore it, if necessary. You should also turn on FileVault for additional security, because without FileVault enabled, your encrypted SSDs automatically mount and decrypt when connected to your Mac.

Make a backup

Set up Time Machine or another backup method to regularly back up your Mac to a secure external source.

Files that you store in iCloud Drive, as well as photos and videos that you store in iCloud Photo Library, are automatically uploaded to iCloud. When you use iCloud Photo Library, full-resolution photos and videos are stored on your Mac by default and included in a Time Machine backup. If you choose to optimize iCloud Photo Library on your Mac, the full-resolution originals are not included in a Time Machine backup.

Turn on FileVault

Though the SSD in computers that have the Apple T2 chip is encrypted, you should turn on FileVault so that your Mac requires a password to decrypt your data.

To turn on FileVault, follow these steps:

  1. Choose Apple menu () > System Preferences, then click Security & Privacy.
  2. Click the FileVault tab.
  3. Click , then enter an administrator name and password.
  4. Click Turn On FileVault.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: Fri Jul 13 14:35:49 GMT 2018