Setting up and configuring FileVault 2

Wil Limoges tells you how to enable FileVault 2 in Mac Lion and points out a few gotchas to look out for along the way.

Last week, I wrote about securing your Mac with Lion’s Firewall and FileVault 2. In this week's post, I’m going to walk you through setting up and configuring Mac OS X Lion’s FileVault 2.

In the previous post, I spoke briefly about what to expect with FileVault, when it’s best to use it, and benefits versus pitfalls.

Before getting started

Back up your Mac before attempting to enable FileVault. There is a moderate risk of data corruption when enabling FileVault so the sure fire way to head off any such danger is simply to back up.

If you’re upgrading from Snow Leopard to Lion and you have FileVault enabled you need to make sure that FileVault is completely disabled within Snow Leopard before upgrading and enabling FileVault 2. Not doing so will prevent you from being able to turn the feature on under Lion. Another situation to think about is whether your Mac has multiple users or not. If it does, know that each user will need to be granted access to the Mac within FileVault, otherwise a user with FileVault access will need to unlock the machine by logging in, then logging out so that any other users may login to their account. Also if there is a screen lock, logout,  sleep/hibernate setting, or a screen saver password enabled, it will also require that the FileVault password be used to unlock FileVault each time one of these items is invoked. The last thing to note before enabling FileVault has more to do with Lion’s installation process. During installation, Lion creates a “Recovery HD” partition. FileVault requires that this “Recovery HD” be created in order to be enabled. Since it is possible for Lion to fail creating this partition during an installation or upgrade, it would be best to do a quick check and make sure that it has been created. To do this, simply reboot your Lion-installed Mac and press [Command] + [r ] while booting up. You’ll know you’ve succeeded in booting to the Recovery HD when you see a window pane called “Mac OS X Utilities” containing a list of utilities such as Disk Utility and Time Machine after boot. If you don’t, don’t fret, try to reboot the Mac a few more times holding down the [Command] and [r] keys together to make sure that it wasn’t just a timing issue.

Enabling FileVault 2

So now that we’ve touched on the necessary precautions for enabling FileVault, it’s time to get to the good stuff. Start by navigating to FileVault’s settings by opening up System Preferences and clicking on the Apple Icon located in the top left corner of the Menu bar of your screen; select System Preferences from the drop down. Once System Preferences is open, select Security & Privacy and click the FileVault tab. From here you may need to click the Lock icon in the bottom left of the FileVault pane to authenticate before being able to make any changes. Click Turn On FileVault to enable FileVault. If your Mac has multiple users you will be prompted to enable FileVault unlock access for each user. You will need to enter either your admin password for the main account or the user's account password for each user that will be enabled to access FileVault unlock. After you have enabled FileVault and entered in the corresponding passwords, a recovery key will then be displayed. If you ever forget or lose your FileVault password, this key will be the only way to access the information stored on your drive. It is imperative that you copy down this key and store it in a safe location. I suggest on a piece of paper under lock and key or in a digital format on another computer that receives regular back ups. Apple also offers the ability to store the key with them. Complete the process by clicking Continue. You will be prompted to restart your Mac. Once you have restarted your Mac, Lion will begin to encrypt your drive in the background allowing you to continue to use your Mac freely. You have now successfully enabled FileVault 2 for your Mac and can log in to your desktop and go about your business feeling much more safe and secure.