What issues might (legacy) FileVault cause?

Edit: The below was written before Lion came out, so this post is referring to what is now called "Legacy FileVault", which encrypts only your home directory.

I've enabled FileVault on my computer and haven't had any problems yet, but I've read online that FileVault has issues. What are these issues? Are they out of date and fixed in Snow Leopard or are there still problems that I might have in the future?

I like the idea of my disk being encrypted, and it hasn't seemed slow to me, but I'd like to be aware of any possible pitfalls that currently exist with FileVault.


There are a number of possible pitfalls to having an encrypted home folder; most of them are more-or-less intrinsic to the idea, so they're not likely to go away... ever.

UPDATE: Lion's FileVault 2 uses full-volume encryption rather than just home-directory, so it actually does make some of these issues go away and changes several others. I've added notes in [] below. Note that upgrading to Lion does not automatically convert to FV2; you must first turn off "Legacy FileVault" encryption for accounts using the old system, then turn on VF2 to reencrypt.

  • Speed: obviously, the computer has to decrypt the data to read it from disk, and encrypt it before reading from disk, which'll slow down disk access. This usually isn't a big deal unless you're doing something like video editing. There's also a delay at logout as it recovers space in the image (and maybe also backs it up; see below). [VF2 removes the logout delay, and can use hardware AES instructions (on CPUs that support them) to minimize the general slowdown.]

  • Too much security: the good thing about FileVault is that nobody can get at your data without your login password (of the computer's master password). The bad thing is that if you forget your password (and don't remember/haven't set a master password), you can't get at your data either. The recommended procedure is to set a master password (before enabling FileVault), write it down, and store the written copy someplace secure (e.g. sealed envelope in a safe deposit box). [VF2 creates a recovery key, which functions very similarly to the old master key. There's also an option to have Apple store the recovery key for you, although I'd recommend using that in addition to (not instead of) storing the key yourself.]

  • File non-sharing: FileVault security prevents you from sharing files out of your home folder. Your Public folder, normally accessible by other users on the computer (and if you have file sharing turned on, other computers on the network) is locked in the FileVault and available only to you. [FV2 removes this limitation.]

  • Risk of data corruption: normally, if your computer crashes there's a possibility that whatever files you had open could get corrupted; with FileVault, your entire home folder is contained in a disk image, and if that gets corrupted you could lose everything. IIRC both OS X v10.3.0 and 10.4.0 shipped with bugs that could corrupt the types of images used by FileVault (fixed in 10.3.1 and 10.4.1, but still...). So backup is very important if you have data you don't want to lose. [FV2 does not have the image corruption issue, but is still vulnerable to normal volume corruption; it will also limit your options for data recovery somewhat, as not all volume repair/recovery tools support encrypted volumes (yet).] Speaking of which:

  • Backup time: backing up the FileVault image file is generally only possible when you're logged out. External volumes (like backup drives) get dismounted when nobody's logged in, creating a bit of a catch-22 for many backup systems. Time Machine gets around this by doing a backup as you log out (after the image becomes accessible, but before the backup drive gets dismounted), so make sure you log out with the backup drive attached from time to time. Other backup systems... who knows. In any case, test to make sure you're actually getting a useable backup. [FV2 removes this limitation. Note that Time Machine under Lion supports encrypting the backup volume, in which case it can only back up when the backup volume is mounted and decrypted.]

  • Backup capacity: backup systems generally save space by only backing up files that've changed since the last backup. With your files hidden in a disk image, this isn't really possible. The image is stored as a series of "band" files (in "sparse bundle format"), so the backup system only needs to store the bands that changed, but since these don't neatly correspond to specific files in your home folder, it's still going to use more space than if it could back up the files directly. [FV2 removes this limitation.]

  • Backup recovery: since the files you're likely to want to recover from a backup are hidden inside the encrypted image, they're a lot less convenient to recover from backup. When using Time Machine, its slick view-through-time interface doesn't work with FileVault-protected files, you have to find the backup of the image, mount it, and recover the file(s) you want by hand. Similarly, if you want to recover a file from an online backup, you're likely to have to recover the entire image so you can mount it and pull out the file(s) you want. [FV2 removes this limitation.]

One more note: to keep people from bypassing FileVault, make sure you have secure (encrypted) virtual memory enabled (in System Preferences -> Security pane -> General tab), and either log out consistently (yeah, right) or require a password immediately after sleep or screen saver (same place) and set the screen saver to run automatically when the computer's been idle for a while. There is an option to automatically log out after a period of inactivity, but this doesn't always work (a program with unsaved documents will generally prevent logout). [FV2 encrypts the virtual memory swap along with everything else, although the advice about locking or logging off still applies. Also, 10.7.0-10.7.1 were vulnerable to FireWire DMA attacks in some states, but this appears to have been fixed in 10.7.2.]


Filevault has/had some issues in the past, but it also had some pros:

PROS:

  • Easy to backup (one big image file)
  • Protection from unwanted users trying to read your home folder.

CONS:

  • Forget your password and you can start forgetting about your data. No way you’re going to get it back.
  • If the image for your Filevault gets corrupted somehow, your data will be trapped forever in there…
  • No recovery software will be able to read through the encrypted data, so forget about this.
  • Startup/Shutdown times are a little bit longer due the cleaning and initializing of the image, the same with some big copies to/from your home.
  • Free space for the image will only be reclaimed at shutdown (at least it was like that in Leopard) so you might want to restart every now and then if you move large amounts of data inside your home folder.
  • Disabling FileVault: Some people have reported problem when disabling filevault (I’ve never done that to be honest). Some even quote that they had to reinstall OS X.
  • Time Machine: Filevault won’t backup your home folder unless you logoff, it will happily skip it until you do that.
  • Time Machine II: You cannot restore individual files in your home via T.M. (because they are encrypted and out of reach of TimeMachine) ;)

There are some more stuff you might want to consider that I can’t remember right now. Here’s a link that talks about performance (taken from SuperUser).

And if you want to backup your Home folder while using FileVault and while being logged, it is possible, but the backup will be stored unencrypted. Check this question.


One big one I can think of is that if you enable FileVault you won't be able to use the new Find my Mac feature in case your laptop is stolen. You can only use one or the other. Also, as you might've already found out if you enabled it some things won't be available via GUI anymore so you will have to use the terminal to work with the encrypted disk. Finally, until Apple releases an update for Bootcamp if you plan on running that you may run into some major problems.


One issue seems to be upgrading to Lion. The old FileVault functionality is gone, and you have to first convert your FileVault directories (to normal unencrypted ones). That cannot happen in-place, so you may need quite a bit of temporary disk space.