Re: [Fed-Talk] Two Questions about FileVault
- Subject: Re: [Fed-Talk] Two Questions about FileVault
- From: "Campbell, Paul Madison (ARC-TH)[ASRC RESEARCH & TECHNOLOGY SOLUTIONS]" <email@hidden>
- Date: Mon, 11 May 2015 19:23:10 +0000
- Thread-topic: [Fed-Talk] Two Questions about FileVault
Hey Hank,
FV1 didn’t operate like that. FV1 created an encrypted sparse bundle to hold the user’s home directory. It didn’t encrypt anything outside that and it wasn’t at the volume level. FV2 is volume encryption, specifically described as full disk encryption, though I now know their engineers don’t like to call it that because it’s inaccurate. They prefer full drive encryption because only a logical volume is encrypted, not the full disk.
Paul
--
Paul Campbell | Senior Macintosh Systems Administrator
ASRC Federal Research and Technology Solutions
NASA Ames Research Center
Moffett Field, CA 94035
email@hidden
W: 650.604.4014 | F: 650.604.3323
ASRC Federal | Customer-Focused. Operationally Excellent.
> On May 11, 2015, at 11:53 AM, Henry B (Hank) Hotz, CISSP <email@hidden> wrote:
>
>
> On May 11, 2015, at 10:09 AM, Campbell, Paul Madison (ARC-TH)[ASRC RESEARCH & TECHNOLOGY SOLUTIONS] <email@hidden> wrote:
>
>> Just to follow up in general thread:
>>
>> For question one, the kernel is performing the encryption below the level of Activity Monitor being able to attribute it to a specific process. So you can see the disk activity, but no process accumulates the read/writes. fs_usage can attribute the activity.
>
> Not quite sure what the question is. You want Activity Monitor to show something that fs_usage does show? (If so, sounds like a feature request?)
>
>> For question two, Disk Utility does not perform full drive encryption like System Preferences > Security & Privacy > FileVault, Time Machine disk encryption, or Finder Control Click > Encrypt. It only encrypts bytes-on-drive as they are written. I reported it to Apple as a bug, but they say it’s functioning as expected and closed my ticket.
>
> That’s the difference between FileVault 1 and FileVault 2, so I’d say that really is as expected.
>
>> Paul
>> --
>> Paul Campbell | Senior Macintosh Systems Administrator
>> ASRC Federal Research and Technology Solutions
>> NASA Ames Research Center
>> Moffett Field, CA 94035
>> email@hidden
>> W: 650.604.4014 | F: 650.604.3323
>>
>> ASRC Federal | Customer-Focused. Operationally Excellent.
>>
>>
>>
>> From: <Campbell>, Paul Campbell <email@hidden>
>> Date: Thursday, April 16, 2015 at 9:24 AM
>> To: "email@hidden" <email@hidden>
>> Subject: [Fed-Talk] Two Questions about FileVault
>>
>> Hello All,
>>
>> I’ve read the FileVault white paper, and I’ve searched the web, but can’t find the answer to these two questions:
>>
>> When you encrypt a disk from the Finder, Activity Monitor shows the disk activity as the drive is encrypted, but no process shows as being responsible for that read/write activity. Why? (My research indicates that corestoraged is doing the actual encryption, and that process is running, so why doesn’t it show the accumulated read/writes?)
>>
>> Second, and more important question: When using Disk Utility to erase a drive as HFS+ journaled and encrypted, it appears to take just 1 minute to encrypt a 2TB drive with less than 1GB in writes. As soon as that’s complete, diskutil cs list shows the encryption complete:
>>
>> +-- Logical Volume Group 23F9B929-6BFF-45A1-BCEB-DADBDE74852C
>> =========================================================
>> Name: DiskUtilityEncrypted
>> Status: Online
>> Size: 2000021315584 B (2.0 TB)
>> Free Space: 9392128 B (9.4 MB)
>> |
>> +-< Physical Volume 03CB8A7D-323F-4FE4-8694-AF91B190B89D
>> | ----------------------------------------------------
>> | Index: 0
>> | Disk: disk2s2
>> | Status: Online
>> | Size: 2000021315584 B (2.0 TB)
>> |
>> +-> Logical Volume Family EFCAA44A-00D3-457C-B038-00785AB060F7
>> ----------------------------------------------------------
>> Encryption Status: Unlocked
>> Encryption Type: AES-XTS
>> Conversion Status: Complete
>> Conversion Direction: -none-
>> Has Encrypted Extents: Yes
>> Fully Secure: Yes
>> Passphrase Required: Yes
>> |
>> +-> Logical Volume 991B75BA-9475-4B82-B966-50A9CE39D54B
>> ---------------------------------------------------
>> Disk: disk6
>> Status: Online
>> Size (Total): 1999659597824 B (2.0 TB)
>> Conversion Progress: -none-
>> Revertible: No
>> LV Name: DiskUtilityEncrypted
>> Volume Name: DiskUtilityEncrypted
>> Content Hint: Apple_HFS
>>
>>
>> Compared to a Finder Encrypting Drive 1 minute later:
>>
>> +-- Logical Volume Group 506D664C-946D-4A23-8A78-C862CA5DE723
>> =========================================================
>> Name: FinderEncrypted
>> Status: Online
>> Size: 2000021315584 B (2.0 TB)
>> Free Space: 18964480 B (19.0 MB)
>> |
>> +-< Physical Volume EE9BDFE9-D79D-4E53-888A-A169763408D2
>> | ----------------------------------------------------
>> | Index: 0
>> | Disk: disk7s2
>> | Status: Online
>> | Size: 2000021315584 B (2.0 TB)
>> |
>> +-> Logical Volume Family EB6B467F-9971-4E81-94D3-B0DC6C2DDB07
>> ----------------------------------------------------------
>> Encryption Status: Unlocked
>> Encryption Type: AES-XTS
>> Conversion Status: Converting
>> Conversion Direction: forward
>> Has Encrypted Extents: Yes
>> Fully Secure: No
>> Passphrase Required: Yes
>> |
>> +-> Logical Volume 62363DAE-A2D9-40A2-9E0F-50E6D38FB807
>> ---------------------------------------------------
>> Disk: disk8
>> Status: Online
>> Size (Total): 1999650029568 B (2.0 TB)
>> Conversion Progress: 0%
>> Revertible: Yes (unlock and decryption required)
>> LV Name: FinderEncrypted
>> Volume Name: FinderEncrypted
>> Content Hint: Apple_HFS
>>
>>
>> I have dozens of drives to encrypt and want to do it as efficiently as possible, but also correctly. Who can answer how FDE is accomplished in 1 minute with a reformat? Or is this a display bug where the disk writes will occur at idle? (I have seen some behavior to suggest that.)
>>
>> Thanks for the input.
>> Paul
>> --
>> Paul Campbell | Senior Macintosh Systems Administrator
>> ASRC Federal Research and Technology Solutions
>> NASA Ames Research Center
>> Moffett Field, CA 94035
>> email@hidden
>> W: 650.604.4014 | F: 650.604.3323
>>
>> ASRC Federal | Customer-Focused. Operationally Excellent.
>
> Personal email. email@hidden
>
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
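
For checking many drives at once, the fields compared in this thread (Conversion Status and Fully Secure) can be pulled out of `diskutil cs list` per Logical Volume Family. This is an added example, not part of the original posts; the function names and the abbreviated sample input are constructed for illustration, and the script reports only what CoreStorage itself reports.

```shell
#!/bin/sh
# Added example. Reads `diskutil cs list` text on stdin and prints one
# tab-separated line per Logical Volume Family:
#   group-name  family-UUID  conversion-status  fully-secure  verdict
# Returns 1 if any family is not both "Complete" and "Fully Secure: Yes".
cs_encryption_report() {
    awk '
    BEGIN { OFS = "\t" }
    # Text after the first colon on the current line, trimmed.
    function field(   v) {
        v = $0; sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v); return v
    }
    # Print the family collected so far, if there is one.
    function emit(   verdict) {
        if (lvf == "") return
        verdict = (conv == "Complete" && secure == "Yes") ? "OK" : "PENDING"
        if (verdict != "OK") pending = 1
        print group, lvf, conv, secure, verdict
        lvf = ""
    }
    /Logical Volume Group/  { emit(); group = "?"; want_name = 1; next }
    want_name && /Name:/    { group = field(); want_name = 0; next }
    /Logical Volume Family/ { emit(); lvf = $NF; conv = "?"; secure = "?"; next }
    /Conversion Status:/    { conv = field(); next }
    /Fully Secure:/         { secure = field(); next }
    END { emit(); exit (pending ? 1 : 0) }
    '
}

# Constructed sample, abbreviated from the two listings quoted in the thread.
sample_cs_list() {
    cat <<'EOF'
+-- Logical Volume Group 23F9B929-6BFF-45A1-BCEB-DADBDE74852C
    Name:         DiskUtilityEncrypted
    +-> Logical Volume Family EFCAA44A-00D3-457C-B038-00785AB060F7
        Conversion Status:       Complete
        Fully Secure:            Yes
        +-> Logical Volume 991B75BA-9475-4B82-B966-50A9CE39D54B
            LV Name:             DiskUtilityEncrypted
+-- Logical Volume Group 506D664C-946D-4A23-8A78-C862CA5DE723
    Name:         FinderEncrypted
    +-> Logical Volume Family EB6B467F-9971-4E81-94D3-B0DC6C2DDB07
        Conversion Status:       Converting
        Fully Secure:            No
EOF
}

# On a Mac: diskutil cs list | cs_encryption_report
sample_cs_list | cs_encryption_report || echo "not every volume family is fully secure"
```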