
FileVault on a T2-equipped Mac protects a Mac’s data at a cold startup. (There’s a way to disable this, but there’s no reason to.) The Secure Enclave handles all the necessary pieces.
Intel Macs with a T2 security chip: Most Intel Mac models released starting in 2018 have a T2 security chip, which is set to always encrypt the drive, even if FileVault is disabled. You can also use FileVault to encrypt and protect an external startup or bootable drive while it’s booted into macOS.

Intel Macs without a T2 security chip: These older Macs, largely models introduced before 2018, use FileVault both for startup security and to handle disk encryption.

FileVault is managed via the Security & Privacy preference pane’s FileVault pane.
You can read the full details elsewhere on Macworld about the ins and outs of FileVault, but it’s a way to combine the security of account-based access with the assurance of fully encrypted data.
You can encrypt a non-startup external drive’s volume on any Mac.
Full-disk encryption (FDE) is a low-effort way to ensure that if someone were to get hold of one of your drives while unmounted or a Mac while powered down, the contents on the drive would be unusable to them without knowing a password or other encryption information.

Apple offers two distinct ways of encrypting volumes on a drive, and it’s important to know the difference between them and the current limitation on drives connected to M1-based Apple Silicon Macs.

Drive encryption: Finder-mountable non-system volumes can be encrypted via the Finder, as well as through more advanced methods using the command line and Disk Utility. This can’t be used with an external startup drive on an M1-based Mac.

FileVault: FileVault lets you control access to your startup volume, whether on an internal or external drive, including encrypting a drive where necessary.