FileVault

FileVault is a feature of Mac OS X for encrypting personal data. It ships by default with Mac OS X 10.3.

Initially, FileVault encrypted only the user's home directory; no other data was covered, and data inside the home directory cannot be excluded from FileVault encryption. However, programs can be encrypted as well if a per-user program folder is created in the home folder and used instead of the global program folder.

With the introduction of OS X 10.7 (Lion), the new version, FileVault 2, also supports whole-disk encryption, and the encryption technology was switched to XTS-AES 128. Encryption can now also be performed on the fly, so the Mac can continue to be used while the encryption process runs.

Storage format

Since Mac OS X 10.5, FileVault has used an encrypted sparse bundle in which the user data is stored and which is transparently mounted as the user's home directory when the user logs in. When the user logs off, the sparse bundle is compressed and, if applicable, backed up with Time Machine.

Up to and including Mac OS X 10.4.11, FileVault used an encrypted sparse disk image, from Mac OS X 10.4.7 onward in a modified form that improved data security and stability in the event of system crashes (the encryption header is saved at the beginning of the sparse disk image instead of at the end). The transition to the aforementioned sparse bundles further improved data security, as sparse bundles allow quick access to the data and allow differential backup with Time Machine.

A significant difference between a sparse image and a sparse bundle is how the encrypted disk data is stored. A sparse image is stored as a "single" block of data. In a sparse bundle, the "parent disk" is split by the operating system into 8 MB parts (called bands). This process is transparent to the user. When upgrading from an older system version to Mac OS X 10.5, the original disk format is retained. To use the new sparse bundle format, FileVault may need to be disabled and re-enabled for the user account.

FileVault 2 no longer requires a sparse bundle; it is based instead on the logical volume manager Core Storage.

Backup with Time Machine

To use FileVault 1 with Time Machine, the user must not be logged in at the time of the backup. During the backup, the data of the sparse file is transferred, which preserves data integrity.

Whereas the entire file must be transferred for a sparse image, only the changed bands (the 8 MB blocks) are transferred for a sparse bundle, which significantly shortens the backup.

These restrictions no longer apply as of FileVault 2 (since OS X 10.7).

Security

In a study conducted in 2008, FileVault key material could be read out by means of a cold boot attack.
