Re: [Fed-Talk] Two Questions about FileVault
- Subject: Re: [Fed-Talk] Two Questions about FileVault
- From: "Henry B (Hank) Hotz, CISSP" <email@hidden>
- Date: Mon, 11 May 2015 11:53:19 -0700
On May 11, 2015, at 10:09 AM, Campbell, Paul Madison (ARC-TH)[ASRC RESEARCH & TECHNOLOGY SOLUTIONS] <email@hidden> wrote:
> Just to follow up in general thread:
>
> For question one, the kernel is performing the encryption below the level of Activity Monitor being able to attribute it to a specific process. So you can see the disk activity, but no process accumulates the read/writes. fs_usage can attribute the activity.
Not quite sure what the question is. You want Activity Monitor to show something that fs_usage does show? (If so, sounds like a feature request?)
> For question two, Disk Utility does not perform full drive encryption like System Preferences > Security & Privacy > FileVault, Time Machine disk encryption, or Finder Control Click > Encrypt. It only encrypts bytes-on-drive as they are written. I reported it to Apple as a bug, but they say it's functioning as expected and closed my ticket.
That’s the difference between FileVault 1 and FileVault 2, so I’d say that really is as expected.
> Paul
> --
> Paul Campbell | Senior Macintosh Systems Administrator
> ASRC Federal Research and Technology Solutions
> NASA Ames Research Center
> Moffett Field, CA 94035
> email@hidden
> W: 650.604.4014 | F: 650.604.3323
>
> ASRC Federal | Customer-Focused. Operationally Excellent.
>
>
>
> From: <Campbell>, Paul Campbell <email@hidden>
> Date: Thursday, April 16, 2015 at 9:24 AM
> To: "email@hidden" <email@hidden>
> Subject: [Fed-Talk] Two Questions about FileVault
>
> Hello All,
>
> I’ve read the FileVault white paper, and I’ve searched the web, but can’t find the answer to these two questions:
>
> When you encrypt a disk from the Finder, Activity Monitor shows the disk activity as the drive is encrypted, but no process shows as being responsible for that read/write activity. Why? (My research indicates that corestoraged is doing the actual encryption, and that process is running, so why doesn’t it show the accumulated read/writes?)
>
> Second, and more important question: When using Disk Utility to erase a drive as HFS+ journaled and encrypted, it appears to take just 1 minute to encrypt a 2TB drive with less than 1GB in writes. As soon as that’s complete, diskutil cs list shows the encryption complete:
>
> +-- Logical Volume Group 23F9B929-6BFF-45A1-BCEB-DADBDE74852C
> =========================================================
> Name: DiskUtilityEncrypted
> Status: Online
> Size: 2000021315584 B (2.0 TB)
> Free Space: 9392128 B (9.4 MB)
> |
> +-< Physical Volume 03CB8A7D-323F-4FE4-8694-AF91B190B89D
> | ----------------------------------------------------
> | Index: 0
> | Disk: disk2s2
> | Status: Online
> | Size: 2000021315584 B (2.0 TB)
> |
> +-> Logical Volume Family EFCAA44A-00D3-457C-B038-00785AB060F7
> ----------------------------------------------------------
> Encryption Status: Unlocked
> Encryption Type: AES-XTS
> Conversion Status: Complete
> Conversion Direction: -none-
> Has Encrypted Extents: Yes
> Fully Secure: Yes
> Passphrase Required: Yes
> |
> +-> Logical Volume 991B75BA-9475-4B82-B966-50A9CE39D54B
> ---------------------------------------------------
> Disk: disk6
> Status: Online
> Size (Total): 1999659597824 B (2.0 TB)
> Conversion Progress: -none-
> Revertible: No
> LV Name: DiskUtilityEncrypted
> Volume Name: DiskUtilityEncrypted
> Content Hint: Apple_HFS
>
>
> Compared to a Finder Encrypting Drive 1 minute later:
>
> +-- Logical Volume Group 506D664C-946D-4A23-8A78-C862CA5DE723
> =========================================================
> Name: FinderEncrypted
> Status: Online
> Size: 2000021315584 B (2.0 TB)
> Free Space: 18964480 B (19.0 MB)
> |
> +-< Physical Volume EE9BDFE9-D79D-4E53-888A-A169763408D2
> | ----------------------------------------------------
> | Index: 0
> | Disk: disk7s2
> | Status: Online
> | Size: 2000021315584 B (2.0 TB)
> |
> +-> Logical Volume Family EB6B467F-9971-4E81-94D3-B0DC6C2DDB07
> ----------------------------------------------------------
> Encryption Status: Unlocked
> Encryption Type: AES-XTS
> Conversion Status: Converting
> Conversion Direction: forward
> Has Encrypted Extents: Yes
> Fully Secure: No
> Passphrase Required: Yes
> |
> +-> Logical Volume 62363DAE-A2D9-40A2-9E0F-50E6D38FB807
> ---------------------------------------------------
> Disk: disk8
> Status: Online
> Size (Total): 1999650029568 B (2.0 TB)
> Conversion Progress: 0%
> Revertible: Yes (unlock and decryption required)
> LV Name: FinderEncrypted
> Volume Name: FinderEncrypted
> Content Hint: Apple_HFS
>
>
> I have dozens of drives to encrypt and want to do it as efficiently as possible, but also correctly. Who can answer how FDE is accomplished in 1 minute with a reformat? Or is this a display bug where the disk writes will occur at idle? (I have seen some behavior to suggest that.)
>
> Thanks for the input.
> Paul
> --
> Paul Campbell | Senior Macintosh Systems Administrator
> ASRC Federal Research and Technology Solutions
> NASA Ames Research Center
> Moffett Field, CA 94035
> email@hidden
> W: 650.604.4014 | F: 650.604.3323
>
> ASRC Federal | Customer-Focused. Operationally Excellent.
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
Personal email. email@hidden
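
When many drives have to be checked, the two listings quoted above can be reduced to one line per logical volume showing Conversion Status, Fully Secure and Conversion Progress. This is an added example, not part of the original messages; `cs_report` and `sample_listing` are hypothetical names, the sample is abridged from the listings in the thread, and the field labels are assumed to match the ones shown there.

```shell
# Added example: one summary line per CoreStorage Logical Volume.
# On a Mac: diskutil cs list | cs_report

cs_report() {
    awk '
    {
        line = $0
        sub(/^[ \t|]+/, "", line)        # strip indentation and tree-drawing bars
        i = index(line, ":")
        if (i == 0) next                 # rulers and "+--" node headers
        key = substr(line, 1, i - 1)
        val = substr(line, i + 1)
        sub(/^[ \t]+/, "", val)
        if (key == "Conversion Status")        status = val
        else if (key == "Fully Secure")        secure = val
        else if (key == "Conversion Progress") progress = val
        else if (key == "LV Name") {
            # LV Name follows the family fields, so it closes one record.
            verdict = (status == "Complete" && secure == "Yes") ? "OK" : "PENDING"
            printf "%s\t%s\t%s\t%s\t%s\n", verdict, val, status, secure, progress
            status = ""; secure = ""; progress = ""
        }
    }'
}

# Constructed sample: the two listings from the thread, abridged.
sample_listing() {
    cat <<'EOF'
+-- Logical Volume Group 23F9B929-6BFF-45A1-BCEB-DADBDE74852C
    Name:         DiskUtilityEncrypted
    +-> Logical Volume Family EFCAA44A-00D3-457C-B038-00785AB060F7
        Conversion Status:       Complete
        Fully Secure:            Yes
        |
        +-> Logical Volume 991B75BA-9475-4B82-B966-50A9CE39D54B
            Conversion Progress:   -none-
            LV Name:               DiskUtilityEncrypted
+-- Logical Volume Group 506D664C-946D-4A23-8A78-C862CA5DE723
    Name:         FinderEncrypted
    +-> Logical Volume Family EB6B467F-9971-4E81-94D3-B0DC6C2DDB07
        Conversion Status:       Converting
        Fully Secure:            No
        +-> Logical Volume 62363DAE-A2D9-40A2-9E0F-50E6D38FB807
            Conversion Progress:   0%
            LV Name:               FinderEncrypted
EOF
}

sample_listing | cs_report
```

The output columns are tab-separated: verdict, LV name, Conversion Status, Fully Secure, Conversion Progress.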