How To Set Up Whole Disk Encryption In OS X 10.7 Lion

Jul 26, 2011 (02:07 PM EDT)

One of the most valuable and significant changes Apple made to OS X Lion 10.7 is its overhaul of FileVault.

The OS X 10.6 version of FileVault protected just private data like pictures, email messages and other documents -- and only inside an encrypted home folder. Now, in Lion, FileVault2 enables full-disk encryption. This is an important improvement because it means FileVault is encrypting the entire file system -- not just a folder. For IT and tech pros, this addresses most of the security concerns around FileVault and Macs in the enterprise.

FileVault2 uses full-disk XTS-AES 128 encryption to keep your data secure. It is also quite easy to use. Mac users can toggle it off and on. It encrypts in the background and works seamlessly.

To use FileVault2, open System Preferences. Click Security & Privacy.

Click the padlock to unlock the Security & Privacy preferences.

Enter your user name and password -- you'll need administrative rights on the Mac you're encrypting.

Click on the FileVault tab.

Click on Turn On FileVault.

Your Mac will display your recovery key. This is important – make a copy of it and keep it secure.

Select whether to store your recovery key on Apple’s servers. Declining means you'd better hang onto that key. Better to accept and let Apple help you recover your data should you lose the key.

Select Store the Recovery key with Apple and hit Continue. The system next asks three security questions.

Here are the available questions.

Fill in all three. Click Continue.

The process requires a restart. Select that here.

The process takes a while. Grab a snack or keep working -- FileVault will encrypt as a background process.

Once FileVault is finished, you will see a message saying that encryption is complete.
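
To confirm the state from Terminal instead of waiting for the dialog, the following added example (not part of the original article) classifies the output of `diskutil cs list`. The sample text is constructed, and the field names and values are assumed to match Lion's Core Storage listing.

```shell
#!/bin/sh
# Added example: classify FileVault state from `diskutil cs list` output.

# Constructed sample of the "Logical Volume Family" section (not captured
# output). Args: conversion-status, conversion-direction, fully-secure.
sample_lvf() {
  cat <<EOF
    +-> Logical Volume Family 00000000-0000-0000-0000-000000000000
        ----------------------------------------------------------
        Encryption Status:       Unlocked
        Encryption Type:         AES-XTS
        Conversion Status:       $1
        Conversion Direction:    $2
        Has Encrypted Extents:   Yes
        Fully Secure:            $3
        Passphrase Required:     Yes
EOF
}

# fv2_state: reads the listing on stdin and prints one of
#   none | converting | decrypting | encrypted
# "encrypted" requires both a finished conversion and Fully Secure: Yes,
# so a disk that is still converting in the background is not reported as done.
fv2_state() {
  awk -F': *' '
    { sub(/[ \t\r]+$/, "") }              # drop trailing whitespace
    /Encryption Type:/      { type = $2 }
    /Conversion Status:/    { conv = $2 }
    /Conversion Direction:/ { dir = $2 }
    /Fully Secure:/         { secure = $2 }
    END {
      if (type == "" || type == "None")                 print "none"
      else if (conv == "Converting" && dir == "backward") print "decrypting"
      else if (conv == "Complete" && secure == "Yes")   print "encrypted"
      else                                              print "converting"
    }'
}

# On a Mac, classify the live volume; on other systems this step is skipped.
if command -v diskutil >/dev/null 2>&1; then
  diskutil cs list | fv2_state
fi
```

Anything other than `encrypted` means some data on the boot volume is still readable without the key, which matters if the Mac leaves the building before conversion finishes.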

The entire process took approximately an hour to complete on my 13-inch MacBook Air with a 256GB SSD drive. I worked on this piece while it encrypted. I looked but didn't notice any significant impact on available free disk space on my boot drive.

The only noticeable change is that the Mac now shows a new boot screen on restart. That's how you know FileVault is working. You'll always log in with user ID and password to get past this point.

Apple really got this right. FileVault2 works smoothly. I log in only once at this new screen and I’m immediately presented with my Finder desktop. You won't ever be sorry you used FileVault, but it's easy to imagine regretting you didn't.

Based in Houston, David Martin is a technologist at BYTE. Follow him @David_W_Martin or email him at