Skip to content Skip to site navigation Skip to service navigation

How to Enable FileVault 2 on Mac OS X 10.7 and 10.8

Overview

These instructions are intended for computers running Mac OS X 10.7 and 10.8. Mac OS X 10.9 and above users should enable FileVault 2 by running the Encryption installer. See the Stanford Whole Disk Encryption for Mac page for instructions.

To encrypt your hard drive with FileVault 2, open the Security & Privacy preference to turn on FileVault. A recovery key is generated and displayed. You should make a copy of this and keep it in a safe place. If you forget your computer password, the recovery key is used to unlock your encrypted hard drive.

After turning FileVault on, you need to restart your computer to start the whole disk encryption. You can use your computer while it is being encrypted.

After your computer has been encrypted, run the Key Escrow Tool to have your recovery key securely backed up (BigFix is required).  If you forget your computer password and you lose your recovery key, your can recover your encryption key from MyDevices or by submitting a Help ticket.

After your computer has been encrypted, log in to your computer as usual with your computer name and password. The whole disk encryption is invisible and seamless while you use your computer.

 

Turning on FileVault

You are strongly encouraged to back up your files before starting to encrypt.

  1. Open the System Preferences.
  2. In the Personal section, click Security and Privacy.
  3. In the Security & Privacy pane, click the FileVault tab.

    FileVault tab selected
  4. Click the lock in the bottom-left corner of the Security & Privacy pane.
  5. Enter your administrator name and password for the computer and then click Unlock..

    authenticate with administrator name and password
  6. Click Turn on FileVault.

    Turn on FileVault
  7. Your recovery key is displayed. You will need this to unlock your encrypted hard drive if you forget your computer password. You will also need to manually enter your recovery key in the Key Escrow Tool. Make a copy of the recovery key and store it in a safe place. Then, click Continue.

    recovery key
  8. If you are prompted to let Apple store your recovery key, select Do not store the recovery key with Apple and then click Continue.

    do not let Apple store you recovery key
  9. At the prompt, click Restart. After you restart your computer and log in, the encryption process will start.

    restart message

Saving the recovery key

After you have begun the FileVault encryption process you should have your recovery key backed up in a secure database (also known as key escrow) by the university . The recovery key  can then be retrieved in MyDevices.

  1. Download and run the Key Escrow Tool installer.
     
  2. You will  be prompted  to type in your recovery key and the installer will work with Bigfix to centrally store it.

    enter recovery key to participate in key escrow.

Turning off FileVault

If you want to decrypt your hard drive, all you need to do is turn off FileVault.

  1. Open the System Preferences and click Security and Privacy.
  2. In the Security & Privacy pane, click the FileVault tab.
  3. Click the lock in the bottom-left corner to allow you to make changes.
  4. Enter your administrator name and password for the computer and then click Unlock..
  5. Click Turn Off FileVault.
Last modified April 12, 2023