Lesson 12—Manage FileVault Flashcards
How does FileVault protect user data?
FileVault encrypts the APFS Data volume portion of the built-in startup disk.
What do Mac computers with Apple silicon and Intel-based Mac computers with the T2 chip use to
encrypt data on built-in storage?
Mac computers with Apple silicon and Intel-based Mac computers with the Apple T2 Security Chip use the built-in hardware-accelerated Advanced Encryption Standard (AES) engine to encrypt data on the built-in storage for your Mac. These Mac computers encrypt data with 256-bit encryption keys that are tied to the chip’s unique identifier. FileVault should be turned on for additional security.
What do Intel-based Mac computers without the T2 chip use to encrypt data on built-in storage?
Intel-based Mac computers without the T2 chip use XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk. FileVault performs the encryption at the file-system driver level of macOS.
How can you turn on FileVault if you didn’t do so in Setup Assistant?
You can turn on FileVault at any time from the Security & Privacy preferences
What are the two ways you can save the FileVault recovery key when you turn on FileVault in Security &
Privacy preferences?
• Use your Apple ID to unlock the FileVault volume and reset your password. This action generates a
random FileVault recovery key and saves it to your iCloud account.
• Record the key that FileVault randomly generates. You must keep the key somewhere safe but not on
your encrypted startup volume.
