Switch from FileVault (home folder encryption) to FileVault (whole disk encryption) after upgrading to OS X 10.7 (Lion) or 10.8 (Mountain Lion)
- Affected population: FileVault users upgrading from Mac OS X 10.6 (Snow Leopard) to OS X 10.7 (Lion) or 10.8 (Mountain Lion).
- This tutorial will show users how to migrate from the old iteration of FileVault to the newer, more secure iteration.
- FileVault 2 in Lion and Mountain Lion is based on a whole disk encryption (WDE) schema.
- This feature provides added security for data stored on a computer's disk.
Please consult with your System Administrator before enabling FileVault on your machine
|Before enabling FileVault 2, it is important to make sure that PGP (if used before) is completely uninstalled. If you are not sure if PGP was used on your machine before, please consult your system administrator. Instructions on how to manually remove PGP from OS X.|
- Navigate to the System Preferences menu.
- Choose the Security & Privacy preference pane.
- You should be prompted with a message that reads "You're using an old version of FileVault". Click the button labeled Turn Off Legacy FileVault.
Note: if you are not automatically prompted with this message you may not be utilizing "Legacy FileVault". If you would like to turn FileVault on in OS X Lion or Mountain Lion please see [this tutorial].
- Enter the password for your user account when prompted.
- Enter the password for your user account again when prompted.
- When prompted by the message "You are ready to turn off Legacy FileVault protection", click the button labeled Turn Off Legacy FileVault.
- Your home folder will now begin to decrypt. You cannot use your machine during this time (~40 minutues).
- When the home folder finishes decrypting you will be at the OS X login screen. Please login with your username and password.
- The "Security & Privacy" preference pane should automatically open again. Click on the lock icon in the lower left-hand corner to unlock the preference pane.
- When prompted, authenticate with your user account username and password.
- You will again find yourself at the Security & Privacy window. Click the button labeled Turn on FileVault...
- If there are multiple users accounts on this machine you will be prompted to give additional users access. All users that need the ability to use this machine should be given disk access-rights by clicking the button labeled Enable user..., entering that user's password, and clicking the button labeled Continue.
- The following screen will display the disk's recovery key. If a disk password is lost or forgotten this is the ONLY way to recover the data on the encrypted disk. Please write this 24 character string down and store it in a secure place. Click the button labeled Continue.
- OS X Lion or Mountain Lion will display a prompt asking if you wish to store your recovery key with Apple. Select the radio button labeled Do not store the recovery key with Apple and click the button labeled Continue.
- OS X will now prompt you to restart to enable FileVault and begin the whole disk encryption process. Click Restart.
- The login process now takes place when OS X reboots. This authentication serves two purposes: it unlocks the disk and logs the selected user in.
- Upon reboot, the Security & Privacy window will open and display the amount of time remaining until the disk is fully encrypted. The machine can be used during this time period.