
How to Install Stanford Whole Disk Encryption for Mac

Overview

When you run the Stanford Whole Disk Encryption (SWDE) installer, the first step is Stanford's Device Enrollment app, a brief questionnaire that gathers basic information about your computer. If you already have responded to these questions, your previous answers are displayed.

After you complete the questionnaire, SWDE steps you through the process of encrypting your hard drive. The installer checks your computer to make sure certain requirements are met, such as having BigFix software installed. You will need to fix, or let the installer fix, any items that are flagged before continuing.

Once your computer has been authorized to install encryption, you are prompted to enable FileVault 2, Apple's built-in encryption technology, to encrypt the whole disk.

Notes:

  • Mac OS X 10.9 and above provide an interface to manage FileVault 2 that allows for the automation of storing recovery information for the encrypted drive.
  • For machines running OS X 10.7 and 10.8, you'll need to manually turn on FileVault and run a tool to escrow your recovery key. See the manual activation instructions for assistance with the process.
  • Boot Camp: FileVault 2 does not encrypt the Windows partition on systems running Boot Camp. Therefore, SWDE-compliant machines cannot run Boot Camp. OS X users needing to run Windows need to use VMware Fusion or Parallels.

Download software

System requirements

  • Operating System: Mac OS X 10.9 and above is required.

You are strongly encouraged to back up your files before starting to encrypt. CrashPlan, provided by University IT, is the recommended backup service, but your local IT group may provide other options. CrashPlan encrypts your backups for secure storage and also provides the option of setting a secondary password to ensure that only you can restore the files.

  • Before starting the encryption, make sure your computer is on AC power and has an active network connection.
  • Depending on the size and speed of your hard drive and how many files are stored there, encryption can take from 45 minutes to two days.
  • You may want to install the software at the end of the day and let the encryption run overnight. You can use your computer during the encryption process, but certain activities may be noticeably slower.
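
The prerequisites above (OS version, AC power) and the current FileVault state can be checked from Terminal before launching the installer. This script is an added example, not part of SWDE or Stanford's tooling; the function names are hypothetical, and the parsing assumes the usual output of `sw_vers -productVersion`, `pmset -g batt` and `fdesetup status`.

```shell
#!/bin/sh
# Added example: pre-flight checks for the prerequisites listed above.
# Each function takes command output as text, so the logic can be tried
# on the constructed samples in the comments as well as on a real Mac.

# version_ok VERSION: succeeds if VERSION is 10.9 or later.
version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    [ "$rest" = "$1" ] && rest=0          # no minor part, e.g. "11"
    minor=${rest%%.*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 1 ;; esac
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 9 ]; }
}

# on_ac_power TEXT: TEXT is `pmset -g batt` output, e.g. (constructed)
#   Now drawing from 'AC Power'
on_ac_power() {
    printf '%s\n' "$1" | grep -q "drawing from 'AC Power'"
}

# filevault_state TEXT: TEXT is `fdesetup status` output, e.g. (constructed)
#   FileVault is On.
#   Encryption in progress: Percent completed = 12
filevault_state() {
    case "$1" in
        *"Encryption in progress"*) echo encrypting ;;
        *"FileVault is On"*)        echo on ;;
        *"FileVault is Off"*)       echo off ;;
        *)                          echo unknown ;;
    esac
}

# preflight OS_VERSION PMSET_TEXT FDESETUP_TEXT: non-zero if a check fails.
preflight() {
    rc=0
    version_ok "$1"  || { echo "FAIL: OS version '$1' is below 10.9"; rc=1; }
    on_ac_power "$2" || { echo "FAIL: not on AC power"; rc=1; }
    echo "FileVault: $(filevault_state "$3")"
    return $rc
}

# Run against the live system only on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    preflight "$(sw_vers -productVersion)" "$(pmset -g batt)" \
              "$(fdesetup status)" || true
fi
```

A state of `on` or `encrypting` before you start means the disk was already encrypted outside SWDE, which is the case step 4 of the encryption installer handles by changing and escrowing the recovery key.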

Download SWDE for Mac

Device enrollment questionnaire

  1. Run the installer. A setup wizard guides you through the steps necessary to install the software.
  2. As soon as the software is installed successfully, a questionnaire regarding the use of this computer for Stanford business launches. Click Proceed Now.

    start enrollment questionnaire
  3. Next, choose whether or not you have a valid SUNet ID, and then click Continue.

    query for valid SUNet ID  
  4. If you have a valid SUNet ID:
    • Enter your SUNet ID and password on the WebLogin screen.

      WebLogin screen
    • You will be asked to answer some questions about this device and the types of data that are accessed and stored on it.
    • If BigFix, Stanford's patch management software, is not present on your computer, you are provided with an option to install it.
    • If you choose to install BigFix now, select the group and (if applicable) the sub-group that describes where your computer is located, and then click Continue.

      select the group and subgroup that describes where your computer is located
    • You are asked to confirm whether you want to install BigFix. Click Yes to install BigFix.

      confirm whether you want to install BigFix
  5. If you do not have a valid SUNet ID:
    • If you are no longer affiliated with Stanford, the questionnaire is terminated.
    • If this computer is used for Stanford work, the questionnaire is terminated. Someone with a valid SUNet ID needs to complete the questionnaire.

Encrypt

After the questionnaire is completed, SWDE steps you through the process of encrypting your hard drive.

Run the encryption installer


  1. The starting screen of the encryption process displays. If you are ready to encrypt your hard drive, check "I have a backup and understand the risks involved and wish to continue", and then click Continue. (If your computer is already encrypted, this screen does not display.)

    what to expect from the encryption process
  2. When the Welcome screen is displayed, click Continue.

    Welcome to the Encryption Installer screen
  3. Next, a policy agreement is displayed. Read it and click Agree to accept the terms of the policy agreement and continue with the installation.

    policy agreement for using SWDE
  4. If your computer is running OS X 10.9.5 or higher and it was encrypted manually (not using SWDE), the existing recovery key will be changed, and the new key will be escrowed by BigFix. You are prompted to log in with your administrator name and password, and then your new encryption recovery key displays.
  5. The installer runs a test on your computer to ensure that certain requirements are met before encrypting. For example, anti-malware must be installed, and some network services need to be disabled.
    • Click Fix Items to fix these problems.
    • Click Continue if the Test Results show that no items need to be fixed.

    test results
  6. Click Enable FileVault 2 and then click Configure.

    click Configure to configure encryption

 

Enable FileVault 2

  1. You will see a message saying that you need to restart your computer after FileVault 2 is enabled. Click Yes.

    warning message that computer will restart after FileVault2 is installed
  2. Enter your administrator account name and password, and then click Unlock.

    administrator password prompt
  3. Your recovery key is displayed. You will need this to unlock your FileVault 2 encryption if you forget your computer password. You can use the MyDevices service to recover your encryption key. Click Close.

    display of encryption recovery key
  4. Click OK to restart your computer and complete the FileVault 2 configuration.

    click OK to restart your computer
  5. Enter your account password and then click OK.

    pre-boot login
  6. A window displays the encryption status.
    Note: You can use your computer while it is being encrypted.

    encryption status

If you need help

  • If you encounter problems, please call (650) 725-4357 or submit a Help ticket. This service is provided 24x7 by University IT.
Last modified October 6, 2023