- Joined
- Jan 25, 2019
- Messages
- 1
- Reaction score
- 0
- Points
- 1
Hello, I am the owner of a 2015 macbook pro 15" with SSD. What I am hoping to do is make is so that when i close the lid on my macbook, the SSD will be re-encrypted, requiring the encryption password to be unlocked again. i have tried the 'sudo sh -c pmset -a destroyfvkeyonstandby 1' command, but this does not seem to be working. The way I was able to confirm that it did not work is as follows;
I have 2 accounts on my MacBook; my administrator account, and a standard account without administrative privelages. My standard account does not have permission to decrypt filevault, and as such it does not show up on initial login after the macbook has been powered down. The only account the shows up from a cold boot is my admin account since this is the only account with filevault unlock privileges. So, from what i understand, if the filevault key was actually being destroyed from ram upon entering sleep mode, then I should only be able to re-log in from my administrator account upos waking the computer from sleep, just as required at the first login from a cold boot. Hiwever, this is not the case. When waking from sleep I am able to login from either my admin account, or the standard account.
If anyone could provide me with some insight as to how I can get filevault to re-encrypt upon the macbook entering sleep mode (destroy the encryption key from memory) it would be greatly appreciated! Thank you!
I have 2 accounts on my MacBook; my administrator account, and a standard account without administrative privelages. My standard account does not have permission to decrypt filevault, and as such it does not show up on initial login after the macbook has been powered down. The only account the shows up from a cold boot is my admin account since this is the only account with filevault unlock privileges. So, from what i understand, if the filevault key was actually being destroyed from ram upon entering sleep mode, then I should only be able to re-log in from my administrator account upos waking the computer from sleep, just as required at the first login from a cold boot. Hiwever, this is not the case. When waking from sleep I am able to login from either my admin account, or the standard account.
If anyone could provide me with some insight as to how I can get filevault to re-encrypt upon the macbook entering sleep mode (destroy the encryption key from memory) it would be greatly appreciated! Thank you!