Managing FileVault in macOS
In Mac OS X 10.3 or later, Mac computers provide FileVault, a built-in encryption capability to secure all data at rest. FileVault uses the AES-XTS data encryption algorithm to protect full volumes on internal and removable storage devices. On Mac computers with the Apple T2 Security Chip, encrypted internal storage devices directly connected to the T2 chip leverage the hardware security capabilities of the chip. After a user turns on FileVault on a Mac, their credentials are required during the boot process.
Internal volume encryption when FileVault is turned on
Without valid login credentials or a cryptographic recovery key, the internal APFS volume (in macOS 10.15, this includes the System and Data volumes) remains encrypted and is protected from unauthorized access even if the physical storage device is removed and connected to another computer. Internal volume encryption on a Mac with the T2 chip is implemented by constructing and managing a hierarchy of keys, and builds on the hardware encryption technologies built into the chip. This hierarchy of keys is designed to simultaneously achieve four goals:
Require the user’s password for decryption
Protect the system from a brute-force attack directly against storage media removed from Mac
Provide a swift and secure method for wiping content via deletion of necessary cryptographic material
Enable users to change their password (and in turn the cryptographic keys used to protect their files) without requiring reencryption of the entire volume
On Mac computers with the T2 chip, all FileVault key handling occurs in the Secure Enclave; encryption keys are never directly exposed to the Intel CPU. All APFS volumes are created with a volume key by default. Volume and metadata contents are encrypted with this volume key, which is wrapped with the class key. The class key is protected by a combination of the user’s password and the hardware UID when FileVault is turned on. This protection is the default on Mac computers with the T2 chip.
Note: Encryption of removable storage devices doesn’t utilize the security capabilities of the Apple T2 Security Chip, and its encryption is performed in the same manner as Mac computers without the T2 chip.
Internal volume encryption when FileVault is turned off
If FileVault isn’t turned on during the initial Setup Assistant process on a Mac with the Apple T2 Security Chip, the volume is still encrypted, but the volume key is protected only by the hardware UID in the Secure Enclave.
If FileVault is turned on later—a process that is immediate since the data was already encrypted—an anti-replay mechanism prevents the old key (based on the hardware UID only) from being used to decrypt the volume. The volume is then protected by a combination of the user password and the hardware UID, as previously described.
Deleting FileVault volumes
When a volume is deleted, its volume key is securely deleted by the Secure Enclave. This prevents future access with this key, even by the Secure Enclave. In addition, all volume keys are wrapped with a media key. The media key doesn’t provide additional confidentiality of data; instead, it is designed to enable swift and secure deletion of data, because without it decryption is impossible.
The media key is located in Effaceable Storage and is designed to be quickly erased on demand—for example, through a remote wipe issued from Find My or from a mobile device management (MDM) solution in which the Mac is enrolled. Effaceable Storage accesses the underlying storage technology (for example, NAND) to directly address and erase a small number of blocks at a very low level. Erasing the media key in this manner renders the volume cryptographically inaccessible.
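The key hierarchy described under "Internal volume encryption when FileVault is turned on" and the media-key wipe described in this section are easier to reason about in code. The following is an added example, not Apple's implementation: it models the hierarchy with only the Python standard library, so an HMAC-SHA256 keystream stands in for AES-XTS and for the key-wrap operation, PBKDF2 stands in for the Secure Enclave's password processing, and the hardware UID is a constructed random value. The structure is what matters: the volume key is wrapped under a class key derived from the password and the UID, that wrapped key is wrapped again under a media key held in "effaceable storage", a password change only re-wraps keys and leaves the ciphertext untouched, a copy of the volume moved to a different UID cannot be unlocked (so the password cannot be brute-forced against removed media), and erasing the media key makes the volume unrecoverable even with the correct password.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the UID fused into the Secure Enclave. In the real
# design it never leaves the chip and no software can read it.
HARDWARE_UID = secrets.token_bytes(32)


def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with an HMAC-SHA256 counter keystream.
    The same call encrypts and decrypts. This is NOT AES-XTS; it only models
    'data is unreadable without the key' so the script runs offline."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, label + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap_key(kek: bytes, label: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC wrapping of one key under another (models a key-wrap
    primitive; the tag lets a wrong key-encryption key fail cleanly)."""
    ct = keystream_xor(kek, label, key)
    tag = hmac.new(kek, label + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap_key(kek: bytes, label: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(kek, label + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: wrong key-encryption key")
    return keystream_xor(kek, label, ct)


def derive_class_key(password: str, salt: bytes, uid: bytes) -> bytes:
    """Class key = f(password, hardware UID). PBKDF2 stands in for the Secure
    Enclave's password processing; the HMAC with the UID ties the result to
    this chip, so the derivation cannot be repeated on another machine."""
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
    return hmac.new(uid, pw_key, hashlib.sha256).digest()


def create_volume(plaintext: bytes, password: str, uid: bytes = HARDWARE_UID) -> dict:
    vek = secrets.token_bytes(32)        # volume encryption key
    media_key = secrets.token_bytes(32)  # lives in effaceable storage
    salt = secrets.token_bytes(16)
    wrapped_by_class = wrap_key(derive_class_key(password, salt, uid), b"class", vek)
    return {
        "ciphertext": keystream_xor(vek, b"volume", plaintext),
        "salt": salt,
        # the class-wrapped volume key is itself wrapped under the media key
        "wrapped_vek": wrap_key(media_key, b"media", wrapped_by_class),
        "effaceable_media_key": media_key,
    }


def _recover_vek(volume: dict, password: str, uid: bytes) -> bytes:
    media_key = volume["effaceable_media_key"]
    if media_key is None:
        raise ValueError("media key erased: volume is cryptographically inaccessible")
    wrapped_by_class = unwrap_key(media_key, b"media", volume["wrapped_vek"])
    return unwrap_key(derive_class_key(password, volume["salt"], uid), b"class", wrapped_by_class)


def unlock_volume(volume: dict, password: str, uid: bytes = HARDWARE_UID) -> bytes:
    vek = _recover_vek(volume, password, uid)
    return keystream_xor(vek, b"volume", volume["ciphertext"])


def change_password(volume: dict, old: str, new: str, uid: bytes = HARDWARE_UID) -> None:
    """Re-wrap the volume key under a new class key. The ciphertext is never
    touched, which is why a password change needs no re-encryption."""
    vek = _recover_vek(volume, old, uid)
    volume["salt"] = secrets.token_bytes(16)
    rewrapped = wrap_key(derive_class_key(new, volume["salt"], uid), b"class", vek)
    volume["wrapped_vek"] = wrap_key(volume["effaceable_media_key"], b"media", rewrapped)


def erase_volume(volume: dict) -> None:
    """Model of erasing the media key in effaceable storage: a few bytes are
    gone, and every byte of ciphertext becomes unrecoverable."""
    volume["effaceable_media_key"] = None


if __name__ == "__main__":
    vol = create_volume(b"constructed sample volume contents", "hunter2")
    before = vol["ciphertext"]
    change_password(vol, "hunter2", "correct horse battery")
    print("ciphertext unchanged after password change:", vol["ciphertext"] == before)
    print("unlock with new password:", unlock_volume(vol, "correct horse battery"))
    erase_volume(vol)
    try:
        unlock_volume(vol, "correct horse battery")
    except ValueError as err:
        print("after wipe:", err)
```

Two of the checks in the script correspond directly to goals listed earlier on the page: `change_password` leaves `ciphertext` untouched (goal four), and `unlock_volume` with a different `uid` fails before any password comparison can happen, which is the property that stops an offline brute-force attack against removed media (goal two).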