O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

13.5. Encrypting an Entire Disk

So far, this chapter has covered encrypting individual files, folders, and disk images, up to and including one's entire home folder. In general, encrypting a large set of files rather than numerous smaller sets makes sense because it requires fewer passwords and less bother. But even encrypting your entire home folder can leave some sensitive files unprotected. So, why not simply encrypt everything on your disk — meaning you can lock or unlock every file at once? Indeed, you can do exactly that by using any of several software packages.

Until relatively recently, however, this option was available only for non-boot volumes. You couldn't encrypt an entire Mac OS X startup disk because the infrastructure needed to load the software that could decrypt the data during the startup process didn't exist. However, thanks to Apple's move to Intel processors and the ingenuity of a few software companies, that formerly elusive capability is now also a reality.

Most means of encrypting an entire Mac OS X volume — startup disk or not — are geared toward large-scale enterprise use, and may be difficult for ordinary users to find and equally difficult for them to configure. PGP Whole Disk Encryption is a notable exception in that it's extremely consumer-friendly, as encryption software goes. These products also carry with them certain intrinsic limitations. For example, once you've started your computer and typed your password, all your files are freely accessible ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required