I bought a Macbook Pro the other day to test out to see if I like it enough to switch from Linux on my personal laptop. Aside from numerous aches and pains as I try to learn the Mac way of doing things, one big thing that I find disconcerting is FileVault for FDE – I’m used to LUKS where I set it up during installation and I’m prompted for my password during boot, prior to reaching my graphical interface. Because of how this works and because I’m the only person who uses my computers, I tend to have a very complex LUKS password for startup, and a much less complex account password for my local user account.
On MacOS, however, it seems to be tied to your user account login. There’s no boot prompt and it gets all the way to the MacOS user login screen before I’m asked for a password, so I have to assume that this is the only password keeping FileVault secure.
So I have two questions:
Is this correct? The security of FDE on a Macbook depends on your local account password and not on a separate password?
Is there a way to easily verify that I have in fact correctly enabled Filevault 2?