diff --git a/content/posts/macos/macOS Security Overview/index.md b/content/posts/macos/macOS Security Overview/index.md index 092a160..fa0ad1e 100644 --- a/content/posts/macos/macOS Security Overview/index.md +++ b/content/posts/macos/macOS Security Overview/index.md @@ -17,6 +17,13 @@ All encryption keys are handled by the Secure Enclave and are never exposed to t Your Mac is at its most secure when it's fully off and the data is at rest. Depending on your threat model, it might behoove you to turn your Mac off completely whenever you're not using it, especially since Macs don't have memory encryption. +macOS keeps the encryption key in memory when sleeping so that you can quickly resume what you were doing. You can set the Mac to hiberate after a certain amount of time and destroy the FileVault key, leaving your data in a much more secure state. To set your Mac to hibernate destroy the key on hibernating: + +```zsh +sudo pmset -a destroyfvkeyonstandby 1 +sudo pmset -a hibernatemode 25 +``` + ## App Sandbox The [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox/protecting_user_data_with_app_sandbox) is a feature that limits the access an app has to the rest of your system. Developers enable it when they sign their app, so it's not possible for you to enable it or modify the entitlements since they are defined in the signature.
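Review bot: The closing sentence of the new paragraph is garbled ("To set your Mac to hibernate destroy the key on hibernating:") and "hiberate" is misspelled earlier in the same paragraph; suggest "To make your Mac hibernate on sleep and destroy the FileVault key when it does:". The prose also promises hibernation "after a certain amount of time", but the two commands only set `destroyfvkeyonstandby 1` and `hibernatemode 25`; the delay before standby is a separate pmset setting, so either drop the timing claim or name the setting that controls it and tell the reader to confirm the resulting values with `pmset -g`. Worth a sentence on the trade-off as well: with `hibernatemode 25` the Mac writes memory to disk and powers off on every sleep, so resume is noticeably slower and the FileVault password is needed on wake; since the paragraph opens with the convenience of keeping the key in memory, it should state the cost of giving that up.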