Security News > 2020 > July > How to ensure the integrity of your encrypted drive while it's hibernating in macOS
2020-07-06 20:39
By default, macOS does not maintain integrity while hibernating.
The problem is that while the key is stored in resident memory, it is unencrypted, allowing an attacker the opportunity to recover the non-obfuscated key using freely available tools to repeal FileVault's protections and gain unauthorized access to the now decrypted data stored on your device.
Since macOS has multiple types, we need to verify that the right one is set.
With the correct hibernation mode set, whenever the device is put to sleep, the contents of the RAM will be dumped to the system drive and cleared from memory, allowing the system to enter a "No power" mode.
Once enabled, the setting is set to True and will prevent the FileVault key from being stored in memory.