mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 21:01:34 -05:00
add hibernate info
This commit is contained in:
parent
60b2f5f525
commit
6918ed690c
@ -17,6 +17,13 @@ All encryption keys are handled by the Secure Enclave and are never exposed to t
|
||||
|
||||
Your Mac is at its most secure when it's fully off and the data is at rest. Depending on your threat model, it might behoove you to turn your Mac off completely whenever you're not using it, especially since Macs don't have memory encryption.
|
||||
|
||||
macOS keeps the encryption key in memory when sleeping so that you can quickly resume what you were doing. You can set the Mac to hiberate after a certain amount of time and destroy the FileVault key, leaving your data in a much more secure state. To set your Mac to hibernate destroy the key on hibernating:
|
||||
|
||||
```zsh
|
||||
sudo pmset -a destroyfvkeyonstandby 1
|
||||
sudo pmset -a hibernatemode 25
|
||||
```
|
||||
|
||||
## App Sandbox
|
||||
|
||||
The [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox/protecting_user_data_with_app_sandbox) is a feature that limits the access an app has to the rest of your system. Developers enable it when they sign their app, so it's not possible for you to enable it or modify the entitlements since they are defined in the signature.
|
||||
|
Loading…
Reference in New Issue
Block a user