Filevault caution

NBiBooker · Mar 20th, 2006, 10:09 AM

It seems my initial optimism Re: Filevault was a bit too premature. It turns out that Filevault broke Spotlight, particularly in Mail 2.07. I ended up decrypting my entire home directory, creating a new folder for my saved messages, and repairing permissions. The I deleted Spotlight's index file with a terminal command I found on the web, and after a reboot, all is well.

madgunde · Mar 20th, 2006, 10:54 AM

Thanks for the heads-up. I've always been a bit leary about FileVault, and stories like yours support my cautious attitude, although I'm more worried about losing data or losing access to my data. I think I recall reading that FileVault can cause problems with popular backup software too. Anyone have any positive experiences using FileVault?

mguertin · Mar 20th, 2006, 02:38 PM

I've also never trusted encrypting my whole home directory. If you do need to encrypt sensitive information make yourself an encrypted disk image (or USB key or something) and go that route.

NBiBooker · Mar 20th, 2006, 07:00 PM

Part of my curiousity (which I only indulged after a full and complete backup) was to explore what kind of performance hit I would suffer.

I honestly didn't notice a difference. I think the filevault technology is close to being ready, it needs to work out some kinks with spotlight and, as mentioned, with back up utilities.

gordguide · Mar 21st, 2006, 11:42 AM

Works fine for me, although Spotlight is not something I get worked up over in the first place. Command-F works better as far as I'm concerned (it has more features, and uses any available Spotlight data anyway). My home directory isn't indexed by Spotlight (security reasons; and besides I know where everything is).

In general I keep documents that need to be kept confidential and secure in the home documents folders and everything else (movies, music, etc) on another unprotected, indexed, partition.

If you remember to set a Master Password for your computer, you will always be able to read any Filevault image, including backups and including those for other users on the same computer. That way, you can just backup by copying the whole FileVault Sparse Image (which is compressed).

Of course, that means you had better not forget the Master Password, because there is no way to recover anything if you forget it. The truly paranoid can set an Open Firmware Password, preventing others from booting the computer, including booting with a Startup Disk (not foolproof, but if you don't know the tricks, may as well be).

Speedwise, there doesn't seem to be any difference with FileVault or Secure Virtual Memory on or off.

We've managed to go 20 years without needing to encrypt our file systems, but some people (or some data) need it. Still, there are many options; FileVault is just one.

If you own a laptop, it's worth serious consideration; that's what FileVault and Secure Virtual Memory were made for in the first place.

FileVault is essentially an implementation of technology that has existed in OSX since version x.1; the major difference is the integration with the OS itself. You could always make secure (encrypted) disk images with Disk Utility (or it's equivalent in earlier versions of OSX) and these could be Sparse Image format (dynamically sized; they can shrink and grow); essentially that's what a FileVault image is. There is nothing particularly scary about opening one if you know the password. People have been encrypting certain folders in their home directory with Disk Utility for years; they had to mount them manually though.

Comparing a FileVault image to an encrypted, password protected sparse image, we find that the OS mounts the FileVault image automatically once you log in (saves a step and a potential password stealing opportunity), and when it mounts the FileVault image at root, like every other disk or disk image, it makes sure every application still thinks it's a folder in a directory (in this case, your home directory).

For a good overview of issues you might have (or some people have had) with FileVault, read this at the usually-excellent MacDevCenter at O'Reilly.

ericssonboi · Mar 21st, 2006, 11:46 AM

When i used Firefault... i didn't have any problems with it.

I had problems however when i tried to turn it off.
It required like 1000GB in order to allocate enough space to turn it off.
I just reformatted the HD in the end..

dthompson101 · Mar 21st, 2006, 12:47 PM

You can reindex your new "filevault" disk image for spotlight.

Do the following:
- Open a terminal
- Type: sudo -s and enter your password when prompted
- Type: mdutil -s /Volumes/diskname (this will be your shortname user name, i.e. david
- It will reply if its either enabled or disable
Looks like this:
/:
Status: Indexing Enabled
- If its says its Disabled, do the following:
- Type: mdutil -p /Volumes/diskname --> This will publish the metadata
- Type: mdutil -i on /Volumes/diskname --> This will index the volume

If that doesn't work for you, you can then delete the master copy

- Type mdutil -E /Volumes/diskname

Want to know more?
- Type: man mdutil
- TypeL man mdimport

One word of caution. This process could take a while to reimport the data depending on the size of your home dir

Mar 20th, 2006, 10:09 AM	#1
NBiBooker Honourable Citizen Join Date: Apr 2004 Location: Moncton, New Brunswick Posts: 1,474	Filevault caution It seems my initial optimism Re: Filevault was a bit too premature. It turns out that Filevault broke Spotlight, particularly in Mail 2.07. I ended up decrypting my entire home directory, creating a new folder for my saved messages, and repairing permissions. The I deleted Spotlight's index file with a terminal command I found on the web, and after a reboot, all is well. __________________ My gear: White MacBook 1.83, 2 Gigs of Ram, Combo Drive, OS 10.5, iPod Video 30 Gig, Canon Digital Rebel XT. iPhone 3G 8 Gig.

Mar 20th, 2006, 10:54 AM	#2
madgunde Honourable Citizen Join Date: Mar 2006 Posts: 1,480	Thanks for the heads-up. I've always been a bit leary about FileVault, and stories like yours support my cautious attitude, although I'm more worried about losing data or losing access to my data. I think I recall reading that FileVault can cause problems with popular backup software too. Anyone have any positive experiences using FileVault? __________________ Mac User since 1989 MacBook Pro 15.4"/2.33GHz Core 2 Duo/4GB/250GB HD/256MB VRAM Mac mini/2.0GHz Core 2 Duo/1GB/120GB HD PowerMac G4 "Sawtooth"/1.4Ghz G4/1GB/2 x 120GB HD/64MB ATI Radeon 8500 iPhone 3GS 32GB on Rogers Canada Master of the Art Of Geek.

Mar 20th, 2006, 07:00 PM	#4
NBiBooker Honourable Citizen Join Date: Apr 2004 Location: Moncton, New Brunswick Posts: 1,474	Part of my curiousity (which I only indulged after a full and complete backup) was to explore what kind of performance hit I would suffer. I honestly didn't notice a difference. I think the filevault technology is close to being ready, it needs to work out some kinks with spotlight and, as mentioned, with back up utilities. __________________ My gear: White MacBook 1.83, 2 Gigs of Ram, Combo Drive, OS 10.5, iPod Video 30 Gig, Canon Digital Rebel XT. iPhone 3G 8 Gig.

Mar 21st, 2006, 11:42 AM	#5
gordguide Honourable Citizen Join Date: Jan 2001 Location: Saskatoon Posts: 5,202	Works fine for me, although Spotlight is not something I get worked up over in the first place. Command-F works better as far as I'm concerned (it has more features, and uses any available Spotlight data anyway). My home directory isn't indexed by Spotlight (security reasons; and besides I know where everything is). In general I keep documents that need to be kept confidential and secure in the home documents folders and everything else (movies, music, etc) on another unprotected, indexed, partition. If you remember to set a Master Password for your computer, you will always be able to read any Filevault image, including backups and including those for other users on the same computer. That way, you can just backup by copying the whole FileVault Sparse Image (which is compressed). Of course, that means you had better not forget the Master Password, because there is no way to recover anything if you forget it. The truly paranoid can set an Open Firmware Password, preventing others from booting the computer, including booting with a Startup Disk (not foolproof, but if you don't know the tricks, may as well be). Speedwise, there doesn't seem to be any difference with FileVault or Secure Virtual Memory on or off. We've managed to go 20 years without needing to encrypt our file systems, but some people (or some data) need it. Still, there are many options; FileVault is just one. If you own a laptop, it's worth serious consideration; that's what FileVault and Secure Virtual Memory were made for in the first place. FileVault is essentially an implementation of technology that has existed in OSX since version x.1; the major difference is the integration with the OS itself. You could always make secure (encrypted) disk images with Disk Utility (or it's equivalent in earlier versions of OSX) and these could be Sparse Image format (dynamically sized; they can shrink and grow); essentially that's what a FileVault image is. There is nothing particularly scary about opening one if you know the password. People have been encrypting certain folders in their home directory with Disk Utility for years; they had to mount them manually though. Comparing a FileVault image to an encrypted, password protected sparse image, we find that the OS mounts the FileVault image automatically once you log in (saves a step and a potential password stealing opportunity), and when it mounts the FileVault image at root, like every other disk or disk image, it makes sure every application still thinks it's a folder in a directory (in this case, your home directory). For a good overview of issues you might have (or some people have had) with FileVault, read this at the usually-excellent MacDevCenter at O'Reilly. __________________ "Being an artist doesn't take much, just everything you got. Which means, of course, that as the process is giving you life, it is also bringing you closer to death. But it's no big deal. They are one and the same and cannot be avoided or denied. So when I totally embrace this process, this life/death, and abandon myself to it, I transcend all this gibberish and hang out with the gods. It seems to me that that is worth the price of admission." —Hubert Selby, Jr. Last edited by gordguide; Mar 21st, 2006 at 12:38 PM.

Mar 21st, 2006, 12:47 PM	#7
dthompson101 Full Citizen Join Date: Jan 2001 Location: Toronto, ON, CA Posts: 778	You can reindex your new "filevault" disk image for spotlight. Do the following: - Open a terminal - Type: sudo -s and enter your password when prompted - Type: mdutil -s /Volumes/diskname (this will be your shortname user name, i.e. david - It will reply if its either enabled or disable Looks like this: /: Status: Indexing Enabled - If its says its Disabled, do the following: - Type: mdutil -p /Volumes/diskname --> This will publish the metadata - Type: mdutil -i on /Volumes/diskname --> This will index the volume If that doesn't work for you, you can then delete the master copy - Type mdutil -E /Volumes/diskname Want to know more? - Type: man mdutil - TypeL man mdimport One word of caution. This process could take a while to reimport the data depending on the size of your home dir __________________ _________________________________________________ Digital Transitions David Thompson david@digitaltransitions.ca (416) 833-3944 Apple Consultants Network ACSA (v10.5) - ACTC (v10.5) - Xsan Admin (v1.1) *Specializing in Systems Administration, Integration, and Windows migration*

Mar 20th, 2006, 02:38 PM	#3
mguertin Honourable Citizen Join Date: Apr 2005 Location: Oakville, ON Posts: 5,018	I've also never trusted encrypting my whole home directory. If you do need to encrypt sensitive information make yourself an encrypted disk image (or USB key or something) and go that route.

Mar 21st, 2006, 11:46 AM	#6
ericssonboi Full Citizen Join Date: Jan 2005 Posts: 127	When i used Firefault... i didn't have any problems with it. I had problems however when i tried to turn it off. It required like 1000GB in order to allocate enough space to turn it off. I just reformatted the HD in the end..

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Filevault	NBiBooker	Anything Mac	3	Mar 13th, 2006 01:00 AM
FileVault problem	Hangman	Mac & iPod Help & Troubleshooting	2	Feb 14th, 2006 10:12 AM
Do you use FileVault?	Paul O'Keefe	Anything Mac	13	Aug 25th, 2005 08:11 AM
Advice: FileVault, Tiger	chy	Anything Mac	3	Jul 15th, 2005 10:58 PM
RAID Panther/Tiger caution on G5 towers...formatting	MacDoc	Anything Mac	2	Jun 8th, 2005 09:57 PM