PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-01-09 13:41:33 -05:00
Code

clarify filevault

Browse Source
This commit is contained in:
kimg45 2024-08-15 03:47:03 -05:00 committed by GitHub
parent e132878e35
commit e8f65540d0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/macos/macOS Security Overview.md
View File

@ -13,7 +13,7 @@ By default, your macOS install is encrypted, but it will automatically unlock on
FileVault works with two encryption keys: the volume key and the class key. The volume key encrypts the data in your drive and with FileVualt turned on, the class key encrypts the volume key. The class key is protected by a combination of the users password and the hardware UID when FileVault is turned on, meaning that the user password is required and the key is tied to the device and can't be decrypted outside the actual hardware. FileVault works with two encryption keys: the volume key and the class key. The volume key encrypts the data in your drive and with FileVualt turned on, the class key encrypts the volume key. The class key is protected by a combination of the users password and the hardware UID when FileVault is turned on, meaning that the user password is required and the key is tied to the device and can't be decrypted outside the actual hardware.
All encryption keys are handled by the Secure Enclave and are never exposed to the CPU or anything outside of the Secure Enclave itself. All encryption keys are handled by the Secure Enclave and are never exposed to the CPU.
## App Sandbox ## App Sandbox