Laptop Hard Disk Encryption and Mac FileVault

An important issue with laptops which most people don't take seriously is the encryption and protection of private data that you might have on your machine, whether that be your own private data or company data. It may take having your laptop stolen to make you really think about the impact this might have. I have had my laptop stolen and I've thought about it. Here is a discussion of a few alternatives.

Thinkpad Hard Disk Encryption

Perhaps the best option that I've seen for data encryption is the scheme found on various Thinkpad laptops, including the T43P that I used prior to my happy switch to Mac OS X.

The Thinkpads do not actually encrypt data on the disk. Rather, they encrypt the bytes as they enter or leave the hardware interface. In other words, if you remove the disk and plug it into another case, you won't be able to read the data on the interface because it is encrypted as it leaves the interface. You'd have to brute force the password or read data directly off the platters in order to retrieve plaintext data. Since reading directly from platters is an expensive operation requiring specialized equipment, I am not overly concerned with your average thief taking this route. If, however, you are worried about some government agency getting at your data, you might not feel as comfortable.

The Thinkpad scheme requires that you set a BIOS password at boot time and, thereafter, you will need to enter your password every time you start your Windows machine. I leave my BIOS password written on a yellow sticky in my office, so that my IS guy can find it whenever he has to give Outlook a whack on the head, or otherwise fix the myriad of hardware and software problems that plague Windows laptop users.

Other PC Options

There are other options on Windows machines. My employer, Adobe Systems, provides full disk encryption capabilities for WinXP machines using a non-Microsoft solution. I was a little hesitant, however, to trust this solution. I find WinXP to be unstable enough that I don't need another variable thrown into the equation. There is also Microsoft's EFS solution, but I tend not to trust Microsoft when it comes to making robust products, and file level encryption demands robustness.

Mac FileVault

A couple of months ago I switched from WinXP to a Macbook Pro running Mac OS X and am very happy to finally be free of the software that Microsoft puts out. Unfortunately gone is the interface level disk encryption scheme that my Thinkpad had.

Instead the Mac has something Apple calls FileVault. It sounds like a great solution because you can use it to just encrypt the content in your personal folder (unlike Windows, you can actually keep your personal information intelligently organized in just one folder). If I am going to encrypt the actual bytes on disk, I'd rather only encrypt the data, and not the system files that you need to make everything run.

Unfortunately Apple FileVault is not robust and should not be used. I turned it on the day before I had to give a presentation. The presentation went rather badly because my data on disk suffered multiple mystery corruptions during the one hour period while I waited my turn to present, and each time I was required to resync from Perforce, reconfigure and rebuild my Eclipse-based projects. On top of this, the machine locked up whenever I tried to connect the projector to my DVI connector (other presenters with Macbook Pros did not have this problem). I had other problems in the two days that FileVault was turned on as well.

Here are a few specific problems that I had:

It is the VMWare problem that clued me in to FileVault being a problem. VMWare has a bug which says: "Virtual machines that are stored in a FileVault home folder or encrypted disk image might become unresponsive or quit unexpectedly during suspend and snapshot operations."

The FileVault problem is not restricted to VMWare Fusion, because I was having problems even when VMWare was not running. I asked the Mac experts in Acrobat engineering what they thought of FileVault and they said it had a bad reputation. A co-worker who had just returned from BlackHat, a hackers conference, reported that FileVault is easy to defeat because Apple has done a poor job with their key management. See this Wired article for a similar appraisal.

I now have FileVault turned off, and sanity has returned to my Mac, though with the data remaining not encrypted. The job Apple did with this feature is a bit of a blow to the confidence I otherwise have had in Apple's Mac OS X implementation. Reading their web site description of FileVault doesn't do much for my confidence in Apple's self appraisal either. But I do love my Macbook Pro!

Jim Pravetz, 25 August 2007