FileVault - Getting Started

Please Note
Setting up FileVault 2 with FileWave is supported with MDM enrolled macOS devices only! MDM enrolled devices are such that went through DEP enrollment or had the MDM profile installed manually.

These advanced steps are for system administrators and others who are familiar with the command line and FileWave.

What you need to begin

What is FileVault 2

FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.

FileVault 2 has three different decrypting mechanisms:


Full Disk Encryption Assistant

Institutional Key Creation and Import

Create an IRK keychain using the following command

sudo security create-filevaultmaster-keychain ~/Desktop/FileVaultMaster.keychain
security unlock-keychain ~/Desktop/FileVaultMaster.keychain