Tom Insam

Filevault

blech and I were bored, so we played with FileVault. And it's shiny. As long as you're on the local machine, it all works transparently. When you have FileVault turned on, your home directory contains a single file, {username}.sparseimage. This is a standard Mac OS X encrypted disk image; certainly I can just mount the thing as a different user, no problem. When you log in as a FileVault user, your encrypted image gets moved to /Users/.{username}, and the sparseimage is mounted on your old home directory. When you log out, this is all undone. Pretty nifty.

Aside from the encryption, which is nice, the main benefit I see here is that suddenly your home directory is a really nice, easy-to-back-up .sparseimage file on its own. I've been having problems recently trying to find a nice way of backing things up, and this might be it. Slight worry is that only Panther can mount the .sparseimage (Jaguar has problems), so restoring needs a fairly recent machine. But I can live with that. I ph33r what will happen if I try to back up the image while I'm using it, though, so I'll probably have to log out and in as another user to run backups. Which will be annoying, but bearable.
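An added example, not from the original post: a small POSIX sh script that applies the layout described above (image at /Users/{username} when logged out, moved to /Users/.{username} and mounted on the home directory when logged in) to the backup question, copying the .sparseimage only while it is at rest. The ROOT prefix, the function names, and passing the `mount` output in as an argument are assumptions so the logic can be run against a scratch tree on any system.

```shell
# Added example (not Apple's or the post author's code). Assumed Panther layout:
#   logged out: ROOT/Users/USER/USER.sparseimage   (image at rest, safe to copy)
#   logged in : ROOT/Users/.USER/USER.sparseimage  (moved aside, mounted on ROOT/Users/USER)
# ROOT is a hypothetical prefix so the checks can be exercised on a scratch tree.

# fv_image_path ROOT USER -> prints where the image currently lives, or nothing
fv_image_path() {
    root=$1; user=$2
    if [ -f "$root/Users/.$user/$user.sparseimage" ]; then
        echo "$root/Users/.$user/$user.sparseimage"
    elif [ -f "$root/Users/$user/$user.sparseimage" ]; then
        echo "$root/Users/$user/$user.sparseimage"
    fi
}

# fv_state ROOT USER MOUNTS -> prints one of: off | locked | mounted
# MOUNTS is the text of `mount`, passed in so the check can be tested offline.
fv_state() {
    root=$1; user=$2; mounts=$3
    img=$(fv_image_path "$root" "$user")
    [ -n "$img" ] || { echo off; return 0; }
    # While the user is logged in, the decrypted image sits on the home directory,
    # which is also the plaintext that file sharing would hand out over the wire.
    if printf '%s\n' "$mounts" | grep -qF -- " on $root/Users/$user "; then
        echo mounted
    else
        echo locked
    fi
}

# backup_home ROOT USER MOUNTS DEST -> copies the image only when it is at rest.
# Returns 1 (copying nothing) if the image is mounted, since a live image gives an
# inconsistent backup, or if there is no FileVault image to copy at all.
backup_home() {
    root=$1; user=$2; mounts=$3; dest=$4
    case $(fv_state "$root" "$user" "$mounts") in
        locked)  cp "$(fv_image_path "$root" "$user")" "$dest/$user.sparseimage" ;;
        mounted) echo "refusing: $user is logged in, image is mounted" >&2; return 1 ;;
        off)     echo "refusing: no FileVault image for $user" >&2; return 1 ;;
    esac
}
```

Run it from a second account after logging the FileVault user out; with the real `mount` output (`backup_home "" tom "$(mount)" /Volumes/Backup`) it will refuse whenever the home directory is still mounted.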

The next thing we wanted to try was network access. And this is where things get not-so-nice. Essentially, it looks like the process above is the entire system, other than the nice GUI to turn FileVault on and off. When you connect to the home directory using AFP or Samba or something, and the user is not logged in on the local machine, you get a folder containing one file, the disk image. Not very useful. If you have Panther, of course, you can just locally mount the image at this point by double-clicking on it. But that's 2 steps, not very Applish. And of course, on any OS other than Panther you're out of luck: Jaguar can't mount it, and Windows / Linux don't stand a chance.

If, when you connect, the user is logged in on the local machine, you get their home directory, and I should point out that this is their home directory being sent unencrypted over the wire. Not good if you had paranoid reasons for using FileVault, which will be most people.

Of course, I can't think of a nice, simple, elegant way of having this do the Right Thing. The best we could come up with is that a Panther system should realize it's connecting to a FileVault home directory, and remount the .sparseimage locally again, so that the only thing going over the wire is the encrypted disk image. This has the advantage that you could host these things on a Linux / Windows server as well. But I have no clue how you do locking on a .dmg; it sounds too horrible to contemplate, so you'd need a way of negotiating with all the other clients so they couldn't mount the drive at the same time.

So yeah, the current system has the advantage of being very simple, and Just Working. But not having network access to my home directory unless I'm logged in will be annoying.