Skip to main content

Full Disk Encryption (FileVault)

Security and privacy is important. Thankfully, Apple offers with macOS full disk encryption out of the box, called FileVault. At OakHost we think this is a really good idea, and therefore we fully support it thanks to our KVM solution.

Most Mac hosting providers however can't support FileVault encryption due to the fact that a password is required upon every reboot, to unlock the encrypted drive. At this point in time, services like Screen Sharing or SSH aren't yet started, so there is no way to enter the encryption password remotely.

OakHost solves this problem thanks to our bespoke KVM solution which works independently of the state of the Mac itself. Acting as an external device connected via standard HDMI and USB ports, the encryption password can even be entered if no service is running on the Mac mini itself.

How can I reboot without having to enter my password on boot?#

If you want to restart your Mac without entering your password on boot, you can pre-register your password for the next startup process by issuing the following command:

sudo fdesetup authrestart

How can I enable/disable disk encryption?#

FileVault can be easily enabled or disabled in the System Settings. Just make sure to disable it once you cancel your service so we can reset the device without any problems.

  1. Open the System Settings, navigate to Security & Privacy and select FileVault.
  2. Click the Turn off/on FileVault... button.

File Vault Settings

Why can't I enter the startup password through Screen Sharing?#

During startup, the Screen Sharing service hasn't been started. It's configuration is part of the encrypted disk, so there is no way for macOS to start the service without unlocking the disk first. You can always enter the password using our KVM service through the Customer Panel.