Happily been using my M1 for several weeks now, after starting new (manual transfer from Intel Mac).
Just realised I haven’t switched FileVault on, and want to. I note there have been changes, given how M1s already do things with secure enclaves etc.
If I understand correctly, this means that far less is actually being encrypted (given what already is)?
Question: To those who might have switched FileVault on, on their M1s after the fact – does it take long?
Is this something best done when no prolonged work is being planned, or is it simply flicking a switch?
There is no downtime as FileVault encryption happens in the background once you switch it on. It also only encrypts while the laptop is plugged in, I believe (at least it used to be that way on older Macs).
NB. There has been some discussion (somewhere) that it’s not actually that important to have it enabled on M1 Macs (and the newer T2-enabled Macs) due to the secure enclave already encrypting the data partition even with FileVault turned off.
Thanks – will flick the switch then. Also saw some questions around if necessary – I just figure an extra layer of system-based security surely cannot hurt!
On T2 equipped machines, the internal APFS volumes are encrypted regardless of FileVault status. Enabling FV on these machines is pretty much instantaneous since it is essentially just adding a requirement for use of a user’s password to unlock the drive encryption. Perhaps oversimplified but think of it as using your user password to encrypt the key used to unlock the volume.
Note that external drives are handled differently and would be similar to non-T2/Apple Silicon machines.