FileVault

E41428

disk encryption software full-disk encryption system macOS security feature

FileVault is Apple’s built-in full-disk encryption system for macOS that protects data by encrypting the contents of a Mac’s startup disk.

Jump to: Surface forms Statements Referenced by

Observed surface forms (1)

Surface form	Occurrences
FileVault 2	1

Statements (48)

Predicate	Object
instanceOf	disk encryption software ⓘ full-disk encryption system ⓘ macOS security feature ⓘ
canBeManagedBy	MDM solutions ⓘ
category	Secure Enclave ⓘ surface form: Apple security technology data protection technology ⓘ
compatibleWith	Apple silicon ⓘ surface form: Apple silicon Macs Intel-based Macs with T2 chip ⓘ
configurationLocation	System Settings > Privacy & Security (modern macOS) ⓘ
dataStateProtected	data at rest ⓘ
defaultStateOnNewMacs	enabled by default on many modern Macs ⓘ
developer	Apple Inc. ⓘ
documentationURL	https://support.apple.com/HT204837 ⓘ
effectOfDisabling	triggers disk decryption process ⓘ
encryptionScope	entire startup disk ⓘ full disk ⓘ
encryptionType	on-the-fly encryption ⓘ
encrypts	macOS system volume ⓘ startup disk ⓘ
integratedWith	Recovery Key mechanism ⓘ iCloud account recovery (optional) ⓘ macOS login system ⓘ
introducedIn	Mac OS X 10.3 Panther ⓘ Mac OS X 10.7 Lion ⓘ
majorRevision	FileVault self-linksurface differs ⓘ surface form: FileVault 2
operatingSystem	macOS ⓘ
platform	Mac ⓘ
previousConfigurationLocation	System Preferences > Security & Privacy (older macOS) ⓘ
protectsAgainst	offline attacks on disk contents ⓘ unauthorized access to data on lost or stolen Macs ⓘ
purpose	full-disk encryption ⓘ protect user data at rest ⓘ
recoveryMethod	recovery key displayed during setup ⓘ storing recovery key with Apple (optional, via iCloud account) ⓘ
relatedTo	Secure Enclave ⓘ T2 security chip ⓘ macOS Recovery ⓘ
requires	administrator privileges to enable ⓘ initial disk encryption process ⓘ user authentication at startup ⓘ
statusCheck	can be verified in macOS system settings ⓘ
storesKeysIn	Secure Enclave ⓘ surface form: Secure Enclave (on supported Macs)
supports	institutional recovery key ⓘ multiple user accounts ⓘ personal recovery key ⓘ
usedIn	enterprise Mac deployments ⓘ
usesEncryptionAlgorithm	XTS-AES-128 ⓘ
usesKeyLength	256-bit key ⓘ

Referenced by (3)

Full triples — surface form annotated when it differs from this entity's canonical label.

Mac → hasSecurityFeature → FileVault ⓘ

FileVault → majorRevision → FileVault self-linksurface differs ⓘ

this entity surface form: FileVault 2

macOS → supportsSecurityFeature → FileVault ⓘ