1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 21:01:34 -05:00

add hibernate info

This commit is contained in:
fria 2024-11-26 06:05:12 -06:00 committed by GitHub
parent 60b2f5f525
commit 6918ed690c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -17,6 +17,13 @@ All encryption keys are handled by the Secure Enclave and are never exposed to t
Your Mac is at its most secure when it's fully off and the data is at rest. Depending on your threat model, it might behoove you to turn your Mac off completely whenever you're not using it, especially since Macs don't have memory encryption.
macOS keeps the encryption key in memory when sleeping so that you can quickly resume what you were doing. You can set the Mac to hiberate after a certain amount of time and destroy the FileVault key, leaving your data in a much more secure state. To set your Mac to hibernate destroy the key on hibernating:
```zsh
sudo pmset -a destroyfvkeyonstandby 1
sudo pmset -a hibernatemode 25
```
## App Sandbox
The [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox/protecting_user_data_with_app_sandbox) is a feature that limits the access an app has to the rest of your system. Developers enable it when they sign their app, so it's not possible for you to enable it or modify the entitlements since they are defined in the signature.