Skip to content Skip to site navigation Skip to service navigation

How to Enable FileVault 2 on Mac OS X 10.7 and 10.8

Overview

These instructions are intended for computers running Mac OS X 10.7 and 10.8. Mac OS X 10.9 and above users should enable FileVault 2 by running the Encryption installer. See the Stanford Whole Disk Encryption for Mac page for instructions.

To encrypt your hard drive with FileVault 2, open the Security & Privacy preference to turn on FileVault. A recovery key is generated and displayed. You should make a copy of this and keep it in a safe place. If you forget your computer password, the recovery key is used to unlock your encrypted hard drive.

After turning FileVault on, you need to restart your computer to start the whole disk encryption. You can use your computer while it is being encrypted.

After your computer has been encrypted, log in to your computer as usual with your computer name and password.. The whole disk encryption is invisible and seamless while you use your computer.

If you forget your computer password and you lose your recovery key, submit a Help ticket.

Turning on FileVault

  1. Open the System Preferences.
  2. In the Personal section, click Security and Privacy.
  3. In the Security & Privacy pane, click the FileVault tab.

    FileVault tab selected
  4. Click the lock in the bottom-left corner of the Security & Privacy pane.
  5. Enter your administrator name and password for the computer and then click Unlock..

    authenticate with administrator name and password
  6. Click Turn on FileVault.

    Turn on FileVault
  7. Your recovery key is displayed. You will need this to unlock your encrypted hard drive if you forget your computer password. Make a copy of the recovery key and store it in a safe place. Then, click Continue.

    recovery key
  8. If you are prompted to let Apple store your recovery key, select Do not store the recovery key with Apple and then click Continue.

    do not let Apple store you recovery key
  9. At the prompt, click Restart. After you restart your computer and log in, the encryption process will start.

    restart message

Saving the recovery key

After you have enabled FileVault, re-run the Encryption installer. You will  be prompted  to type in your recovery key and the installer will work with Bigfix to centrally store it.

enter recovery key to participate in key escrow.

Turning off FileVault

If you want to decrypt your hard drive, all you need to do is turn off FileVault.

  1. Open the System Preferences and click Security and Privacy.
  2. In the Security & Privacy pane, click the FileVault tab.
  3. Click the lock in the bottom-left corner to allow you to make changes.
  4. Enter your administrator name and password for the computer and then click Unlock..
  5. Click Turn Off FileVault.
Last modified September 19, 2017