destroyfvkeyonstandby

FileVault 2 does support purging keys on sleep: sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25 From the pmset man page: destroyfvkeyonstandby - Destroy File Vault Key when going to standby mode.

On macOS you can use pmset with the DestroyFVKeyOnStandby option to ensure that FDE key is purged from RAM on sleep.

My understanding is that it is configurable on macOS by enabling destroyfvkeyonstandby.

FileVault plus running 'pmset destroyfvkeyonstandby' in Terminal should prevent this.

One of the nice things about OSX and Filevault2 is that you can force the key to be destroyed on suspend: destroyfvkeyonstandby - Destroy File Vault Key when going to standby mode.

You can also tweak a setting to automatically erase the FileVault key before suspending the laptop, requiring it to be entered before booting back up: pmset -a destroyfvkeyonstandby 1 I use pmset -a destroyfvkeyonstandby 1 hibernatemode 25 to always hibernate the laptop instead of suspending.

I have a 64 GB Mac with SSD and managed to trick it to use true hibernation (Apple does not want you to know it but you can still achieve true hibernation by enabling disk encryption (FileVault™) and forcing key material erasure from MEM on standby with `sudo pmset -a DestroyFVKeyOnStandBy 1`).

I've had this in my.profile for years: alias sleepsafe='sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25' alias sleepfast='sudo pmset -a hibernatemode 0' alias sleepdefault='sudo pmset -a hibernatemode 3' Whenever I travel or need to leave my laptop, I always run `sleepsafe`, which will delete the key from memory and hibernate the computer when I close the lid.

> You may wish to enforce hibernation and evict FileVault keys from memory instead of traditional sleep to memory: $ sudo pmset -a destroyfvkeyonstandby 1 $ sudo pmset -a hibernatemode 25 > If you choose to evict FileVault keys in standby mode, you should also modify your standby and power nap settings.

Tell the system to forget its key during sleep; the most recent rubber chicken to wave for this appears to be "sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25".