Tony Padgett uses FileVault in macOS to encrypt his startup volume. However, it occurred to him that because he routinely updates a bootable clone of that drive, his clone remains unprotected at rest.

After cloning my internal drive to an external, I can take that external clone, plug it into another Mac, and see and read the contents.

This “hole” is not very obvious to the average person. I somehow assumed because FileVaut has encrypted my iMac, an encrypted version of it was being cloned the external drive.

I agree! I understood this because of extensive testing of FileVault, but it’s certainly not immediately obvious if you don’t know how a seemingly identical clone is managed at a low level by macOS.

To read this article in full or to leave a comment, please click here

Macworld How-To Go to Source

Powered by WPeMatico