With the release of Lion, Apple made significant changes to FileVault. From its debut in Mac OS X 10.4 Tiger, FileVault encrypted only users’ home folders. This was adequate for many, but it left the rest of a hard drive unencrypted. In Lion, the whole drive is encrypted instead of individual user accounts. FileVault and its preferences are again in System Preferences, under Security and Privacy. By clicking on the FileVault tab, you will be able to enable or disable this security option.

Now that FileVault uses full-disk encryption, you must explicitly enable each user who should be able to unlock the machine. Enabling FileVault without adding other users to the list of users who can unlock the machine leaves the unit unusable by every account except those users who can unlock the drive.
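A quick way to confirm that the machine is in the intended state (FileVault on, and every account you rely on enabled to unlock the disk) is to audit it from a shell. The script below is an added example, not part of the original article, and it assumes the `fdesetup` command, which Apple shipped with OS X 10.8 and later; on Lion itself this information is only visible in the Security and Privacy preference pane. The `SAMPLE_STATUS` and `SAMPLE_LIST` values are constructed copies of `fdesetup status` and `fdesetup list` output so the checks also run offline; the required user names `admin`, `alice` and `bob` are likewise made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: audit FileVault 2 state and
# confirm that every account on a required list is enabled to unlock the disk.
# Assumption: the fdesetup command (OS X 10.8 and later; `fdesetup list` needs
# root). The sample outputs below are constructed so the checks run offline.

# Constructed sample of `fdesetup status` output.
SAMPLE_STATUS="FileVault is On."

# Constructed sample of `fdesetup list` output: one "username,UUID" per line.
SAMPLE_LIST="admin,11111111-2222-3333-4444-555555555555
alice,66666666-7777-8888-9999-000000000000"

# filevault_on STATUS_TEXT: succeed only when the text reports FileVault as On.
filevault_on() {
    case "$1" in
        "FileVault is On."*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_unlock_users LIST_TEXT USER...: print each required user that does
# not appear in the username column of the fdesetup list output.
missing_unlock_users() {
    _list=$1
    shift
    for _u in "$@"; do
        if ! printf '%s\n' "$_list" | cut -d, -f1 | grep -qx -- "$_u"; then
            printf '%s\n' "$_u"
        fi
    done
}

# audit_filevault REQUIRED_USER...: use live fdesetup output when the command
# exists, otherwise the constructed samples. Prints a report and returns 0 only
# when FileVault is on and no required account is missing from the unlock list.
audit_filevault() {
    if command -v fdesetup >/dev/null 2>&1; then
        _status=$(fdesetup status 2>/dev/null)
        _list=$(fdesetup list 2>/dev/null)
    else
        echo "fdesetup not found; auditing constructed sample output"
        _status=$SAMPLE_STATUS
        _list=$SAMPLE_LIST
    fi
    _rc=0
    if filevault_on "$_status"; then
        echo "FileVault: on"
    else
        echo "FileVault: not on ($_status)"
        _rc=1
    fi
    _missing=$(missing_unlock_users "$_list" "$@")
    if [ -n "$_missing" ]; then
        echo "accounts NOT enabled to unlock the disk:"
        printf '%s\n' "$_missing" | sed 's/^/  /'
        _rc=1
    else
        echo "all required accounts can unlock the disk"
    fi
    return $_rc
}

# Stand-alone run: require admin and alice, plus bob, who is absent from the
# sample list, so the report shows what a failed audit looks like.
if audit_filevault admin alice bob; then
    echo "audit passed"
else
    echo "audit failed"
fi
```

Run it as root on a machine that has `fdesetup` to audit the live configuration; anywhere else it falls back to the constructed samples. The useful check is the second one: a disk that is encrypted but unlockable only by a single account is exactly the state the paragraph above warns about.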

FileVault 2 acts at the firmware level, under Intel’s Extensible Firmware Interface (EFI): when the machine is first booted, you reach the login window before the system loads. After entering the password of the user you’d like to log in as, the Apple symbol appears and the unit boots fully into the account you specified.

If you’re upgrading from a previous version of Mac OS X to Lion, the old FileVault scheme remains intact. If you are a legacy FileVault user, Lion will ask whether you want to turn it off. You can continue to use the legacy version in Lion, but you cannot use it for any new users added to the machine.

With FileVault 2, Apple also offers a recovery key in case you forget your password. The key must be copied externally and stored safely; without it, if you forget your password, you will not be able to access the system. You also have the option of storing the key with Apple: with a series of three questions and their exact answers, your machine’s serial number and other information, you can contact AppleCare to retrieve your recovery key. After entering the key and unlocking the system, you will be prompted to change your password.