{"id":1662,"date":"2009-10-13T14:50:45","date_gmt":"2009-10-13T18:50:45","guid":{"rendered":"http:\/\/www.schollnick.net\/wordpress\/?page_id=1662"},"modified":"2010-11-20T13:18:46","modified_gmt":"2010-11-20T18:18:46","slug":"file-vault-information","status":"publish","type":"page","link":"http:\/\/www.schollnick.net\/wordpress\/macintosh-related\/file-vault-information\/","title":{"rendered":"File Vault Information"},"content":{"rendered":"<p><strong>What is File Vault?<\/strong><\/p>\n<p>File Vault is a built-in encryption system for Mac OS X 10.3 and higher, which protects the user&#8217;s home directory on Macintosh OS X systems. File Vault operates by using a variation on the &#8220;Portable Home Folder&#8221; system that the Macintosh OS offers. The principle is that a new home folder is placed on an AES-encrypted disk image, and then the old home folder is moved onto this encrypted disk image.<\/p>\n<p>When a user that has a File Vault logs in, the OS mounts the encrypted disk image and makes a hard\/soft link to this disk image. This makes the user&#8217;s home directory point directly to the encrypted disk image, thus making the process virtually transparent to the user. When the user logs off, the disk image is potentially compacted to free unused disk space, and unmounted to prevent unauthorized access. In Mac OS X v10.4 (Tiger), FileVault stores the encrypted file system as a Sparse Disk Image, which is basically a single large file. In Mac OS X v10.5 (Leopard), FileVault stores the encrypted file system as a new image type called a Sparse Bundle. Sparse bundles break images into smaller 8 MB files called bands, allowing them to be backed up using Leopard&#8217;s Time Machine feature in 8 MB increments. <strong>Please note: Leopard and Snow Leopard do not automatically convert a Sparse Disk Image into a Sparse Bundle. 
To do the upgrade, the user must turn off File Vault &amp; then re-enable it.<\/strong><\/p>\n<p>When using FileVault, it is not possible to select which parts of the disk to encrypt; only the user&#8217;s home directory is encrypted. So File Vault is not a form of whole disk encryption, such as PGP Whole Disk Encryption or CheckPoint&#8217;s Pointsec. Similarly, specific files or folders cannot be encrypted using FileVault, although the same encrypted disk image technology can be used for this purpose through the Disk Utility application.<\/p>\n<h2>Known Issues<\/h2>\n<p>Here is the list of known issues with File Vault that I am aware of; please feel free to submit more (either through comments or email):<\/p>\n<ul>\n<li>Adobe Updater has issues with File Vault &#8211; this means that in an organization, you will need to have a user or IT professional download the update from the Adobe Web Site and manually run the installer.<\/li>\n<li>The IT department will not be able to run some updates remotely. For example, Microsoft Office Updates are run on a per-user basis. I currently use Apple Remote Desktop to access idle machines and push the updates out to the systems. Since a File Vault user&#8217;s home directory is only accessible through ARD while that user is logged in, we may not be able to do this.<\/li>\n<li>Unlike Pointsec, the Macintosh user has the ability to turn off FileVault. There is no way to prevent the user from turning off the File Vault encryption. So even if it is a requirement from IT, the user can abort the encryption, or turn it off once done encrypting.<\/li>\n<li>Since this is not whole disk encryption, it does not protect any additional drives, and any content that is placed outside of your home directory is totally unencrypted.<\/li>\n<li>File Vault&#8217;s content is automatically encrypted and decrypted on the fly. 
Although early versions were slow and caused the system to temporarily hang when used with disk-intensive applications, such as sound and video editing, the performance of FileVault has been improved in more recent versions of Mac OS X.\n<ul>\n<li>There is a perceived slowdown in the boot-up &amp; login sequence with File Vault turned on.<\/li>\n<\/ul>\n<\/li>\n<li>File Vault requires the user to be logged out to enable or disable File Vault. This could mean hours of downtime to enable or disable File Vault. The File Vault Sparse Disk Image does not get compacted until the user logs out&#8230; but this is a voluntary option: File Vault will ask the user if they wish to compact the image. So if the user never authorizes the compaction, the unused space on the image may never get reclaimed.<\/li>\n<li>If the user attempts to turn off File Vault and is unable to (e.g., the OS reports that there is not enough disk space), try to free more disk space. File Vault needs significant amounts of disk space to move the data out of the encrypted disk image. 
This disk space requirement could be 2-3 times the size of the current user folder, or higher.<\/li>\n<li><span style=\"color: #800000;\">Sophos Antivirus may freeze on login with File Vaulted systems.<\/span>\n<ul>\n<li><span style=\"color: #800000;\">This behaviour is also described in the current Sophos 4.9.19 (Feb 2009) Readme: &#8220;(DEF 19925) On OS X 10.5.x with FileVault enabled, the on-access scanner can cause deadlocks.&#8221; <\/span><a href=\"http:\/\/downloads.sophos.com\/readmes\/readmacx.html\">http:\/\/downloads.sophos.com\/readmes\/readmacx.html<\/a><span style=\"color: #800000;\"> (Translation &#8211; login freezes &amp; locks up when logging in with FileVault &amp; on-access scanning turned on.)<\/span><\/li>\n<li><span style=\"color: #6e030d;\">First detected in July 2008, as per Apple Forums (<\/span><a href=\"http:\/\/discussions.apple.com\/thread.jspa?threadID=1629343\">http:\/\/discussions.apple.com\/thread.jspa?threadID=1629343&amp;tstart=57<\/a><span style=\"color: #6e030d;\">)<\/span><\/li>\n<li>Confirmed with March 2009 Update (Sophos Version 4.9.20, Threat Engine 2.84.1, and Threat Data 4.39, March 2009)<\/li>\n<li>&#8220;The below command can help to alleviate the issue. We have made it possible for the user to change the number of threads that we use for scanning with; this helps to alleviate the issue by having more SAVI threads available when the machine is opening the FileVault bundle. By default we use 4 threads. 
This can be increased by running this command: <code>defaults write \/Library\/Preferences\/com.sophos.sav WorkerThreads -int 15<\/code>\n<ul>\n<li>The number at the end of the command, in this example 15, is the number of threads to be spawned at startup.<\/li>\n<li>Please note that each additional thread will take up approx 8 MB of memory.<\/li>\n<li>Customers should be advised to test this before implementing it across their network.<\/li>\n<li>This is not a fix, but a work-around. The tech said he didn&#8217;t know if Snow Leopard (OSX 10.6) or the next full version of Sophos would address the issue further.<\/li>\n<\/ul>\n<\/li>\n<li>This issue is not listed in the Readme for Sophos Antivirus 4.9.26 with Threat Detection engine 2.90.1, as of September 2009. It is unclear if the above workaround has been added to the application, or if a fix has been incorporated. This may be fixed in Sophos v7.xx; I have not been able to confirm this.<\/li>\n<\/ul>\n<ul>\n<li>If running Leopard or Snow Leopard, Sophos Version 7.05 or higher is required. If upgrading to Snow Leopard, uninstall any previous version of Sophos, upgrade, and then install 7.05 or higher. (http:\/\/www.sophos.com\/support\/knowledgebase\/article\/62329.html)<\/li>\n<\/ul>\n<\/li>\n<li>Backup software, at this time, cannot incrementally back up the File Vault, and cannot reliably back up a sparse image file. So most backup software requires the user to be logged in before any chance of a backup of the File Vault could occur. 
This can prevent the backup of the machine, and risks loss of data.\n<ul>\n<li>The system can NOT be set to auto-log out, since backup software may require the user to be logged in to back up the File Vault.<\/li>\n<li>For Retrospect, the SparseImage files must be set to ignored (in preferences) or a filter set up to ignore SparseImage files.<\/li>\n<li>If handled improperly, or if the File Vault was created under 10.4.x, the File Vault would not be incrementally backed up, and would require a new copy of the File Vault for each backup. This would quickly fill up the available space on the backup device.<\/li>\n<li>Retrospect 8 has the same limitations with File Vault (http:\/\/forums.dantz.com\/showtopic.php?tid\/28927\/)<\/li>\n<\/ul>\n<\/li>\n<li>Time Machine can incrementally back up a File Vault (created under 10.5.x), but it requires the user to be logged out (at the login window).\n<ul>\n<li>Time Machine users need to exclude their user folder when using File Vault. If they do not, they will be backing up their user folder twice: once from the virtual home directory, and once from the Sparse Bundle image file when logged out. This exclusion is normally added when you switch to File Vault, but if you clear your exclusions or run a script that repopulates them, you may need to re-add it.<\/li>\n<li>File Vault users do not get a &#8220;transparent&#8221; Time Machine backup every hour of the day. The only time a Time Machine backup occurs is when the user is logged out &amp; the Time Machine drive is attached. Most users do not leave their systems logged out for any significant length of time. This requires the user to accept downtime while the system backs up.<\/li>\n<li><span style=\"font-size: small;\">File Vault users have to manually restore files through the file system. 
The &#8220;Galaxy&#8221; user interface is not available.<\/span><\/li>\n<li><span style=\"font-style: normal;\">Requires the purchase of an additional hard drive (~$100-150 for a 750 GB or 1 TB drive) or a <\/span><span style=\"color: #0000ff;\"><span style=\"font-style: normal;\">Leopard (or Snow Leopard) based network share<\/span><\/span><span style=\"font-style: normal;\"> (e.g. a drive shared from a Snow Leopard \/ Leopard based computer, Time Capsule, or Airport Extreme shared drive(s))<\/span><\/li>\n<li>The system should be set to auto-logout when idle, to assist in getting regular backups of the File Vault.<\/li>\n<li>The proper way to back up a File Vault with Time Machine is:\n<ul>\n<li>Attach the Time Machine backup drive.<\/li>\n<li>After the Time Machine backup drive shows up in Finder, log out of your FileVault account and make sure the logout window specifically says that it&#8217;s backing up the FileVault.<\/li>\n<li>Time Machine does not back up the Entourage database if Entourage is running. Entourage somehow prevents Time Machine from backing up the database while it is running.\n<ul>\n<li>To force a backup of Entourage:\n<ul>\n<li>Quit Entourage, My Day, and any other MS product.<\/li>\n<li>Go to Time Machine, and choose Backup Now.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Time Machine can be sensitive to drive issues, and silently fail or become stuck.\n<ul>\n<li>If the Free Space Allocation table is damaged, Time Machine can become &#8220;stuck&#8221; at the Preparing phase and never finish preparing. Eventually the system will lock up (the system is still responsive, but drive-related functions may not occur in a timely manner, e.g. it can&#8217;t log out, reboot, restart, or start an application).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><strong>Disaster Recovery:<\/strong><\/h2>\n<ul>\n<li>This assumes that the hard drive is physically intact. 
Put the drive into a 2.5&#8243; enclosure and hook it up to another Mac.\n<ul>\n<li>First attempt to open the disk image by going to the new drive&#8217;s Users folder and double-clicking on the File Vault user&#8217;s disk image (it should be named the same as the user&#8217;s short name). This should then cause the system to prompt for the password. Once the password is entered, it should mount as a disk image.<\/li>\n<li>If that doesn&#8217;t work, try this: use an admin account (call it user2) to mount user1&#8217;s FileVault using the following command in Terminal: <code>sudo hdiutil attach \/Volumes\/UpInFlames\/Users\/user1\/user1.sparsebundle<\/code>, where UpInFlames is the volume name of your MacBook drive. You&#8217;ll need the password of user2 as well as the password on the sparsebundle.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><strong>Recommendations:<\/strong><\/h2>\n<div>\n<ul>\n<li>Move your iTunes and iPhoto libraries into \/Users\/Shared. FileVault takes your entire home folder and encrypts it into one big file; by moving iPhoto, iTunes, and movie files out, you can keep the size of this file down and improve reliability. In iTunes, go into Preferences:Advanced, and select where to keep your iTunes Library. Make sure you check the box that says &#8220;Keep iTunes Music Library Organized&#8221; (this screenshot should help). Then go into Advanced:Consolidate Library and iTunes will move all your files for you. For iPhoto, just move your iPhoto Library. The next time you launch iPhoto it will ask you to point it towards your library. Then again, if you have, shall we say, photographs of a &#8220;private&#8221; nature, you might want to leave them where they are so they will be encrypted.<\/li>\n<\/ul>\n<ul>\n<li>System Preferences &#8211;&gt; Security &#8211;&gt; Turn on Log Out after XX minutes of Inactivity &#8212; set to 30 minutes\n<ul>\n<li>Set only if using Time Machine. 
Do not set if using Retrospect.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>System Preferences &#8211;&gt; Security &#8211;&gt; Turn on Use Secure Virtual Memory<\/li>\n<\/ul>\n<ul>\n<li>System Preferences &#8211;&gt; Security &#8211;&gt; File Vault &#8211;&gt; Master Password\n<ul>\n<li>This allows you to establish a master password so that you can retrieve the File Vault information if the user forgets their password.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>What is File Vault? File Vault is a built-in encryption system for Mac OS X 10.3 and higher, which protects the user&#8217;s home directory on Macintosh OS X systems. File Vault operates by using a variation on the &#8220;Portable Home Folder&#8221; system that the Macintosh OS offers. The principle is that a new home <a class=\"read-more\" 
href=\"http:\/\/www.schollnick.net\/wordpress\/macintosh-related\/file-vault-information\/\">[&hellip;]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":218,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"_links":{"self":[{"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/pages\/1662"}],"collection":[{"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/comments?post=1662"}],"version-history":[{"count":0,"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/pages\/1662\/revisions"}],"up":[{"embeddable":true,"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/pages\/218"}],"wp:attachment":[{"href":"http:\/\/www.schollnick.net\/wordpress\/wp-json\/wp\/v2\/media?parent=1662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}