Is FileVault insecure by default with EFI auto-login enabled?

encryption filevault

This question really stems from the fact that I'm perhaps unfamiliar with the true function of FileVault. As far as I can tell, there's a way to force a pre-boot login screen… which means that, by default, FileVault logs in automatically at boot? Otherwise, the OS wouldn't be able to start.

So if FileVault automatically logs in to start the OS, does the encryption serve any function at all? I created a standard User to test this and was able to view all my files without entering any Administrator password – the only files I couldn't see were due to not having permission to view files from other users (which is standard protocol regardless of encryption, if I'm not mistaken).

Can anyone explain the function of FileVault to me? I'm starting to wonder if I'm using it to serve a purpose it wasn't intended to serve.

(For reference, I'm running macOS High Sierra)

Best Answer

FileVault 2 is full-disk encryption. At pre-boot you can enter the recovery partition or boot from another disk, but not your FV disk without the decryption key (derived from your password). A firmware password takes care of being able to get into recovery or other boot disks, by the way.

The usefulness of FV is, if someone gets ahold of your data, it's useless without that decryption key, in this case coming from your password. Now once the disk itself is unlocked, there are accounts on that disk and each one may have stronger or weaker security, but it's a different layer now. Kind of like breaking into a bank with multiple doors; the firmware is one door, the FileVault is another door, then you reach the user's doors.

Hope that helps.
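A way to check each of the "doors" described in this answer on a Mac, as an added example that is not part of the original answer. The function names are illustrative; `fdesetup`, `firmwarepasswd` (Intel Macs) and the `DisableFDEAutoLogin` login-window preference are stock macOS tools and settings that the post does not mention, and the sample values in the `else` branch are constructed.

```shell
#!/bin/sh
# Added example: report the state of each layer (firmware, FileVault, accounts).
# Parsing functions take command output as text so they can be checked offline.

fv_state() {            # input: output of `fdesetup status`
  case "$1" in
    *"FileVault is On"*)  echo on ;;
    *"FileVault is Off"*) echo off ;;
    *)                    echo unknown ;;
  esac
}

fw_state() {            # input: output of `firmwarepasswd -check`
  case "$1" in
    *"Password Enabled: Yes"*) echo set ;;
    *"Password Enabled: No"*)  echo unset ;;
    *)                         echo unknown ;;
  esac
}

unlock_users() {        # input: `fdesetup list` lines of the form shortname,UUID
  printf '%s\n' "$1" | awk -F, 'NF == 2 { printf "%s%s", sep, $1; sep = " " }'
}

second_login() {        # input: value of DisableFDEAutoLogin, empty if unset
  case "$1" in
    1|YES|true) echo required ;;
    *)          echo skipped ;;
  esac
}

audit() {               # args: status text, firmware text, user list, pref value
  echo "disk encryption (FileVault): $(fv_state "$1")"
  echo "firmware password:           $(fw_state "$2")"
  echo "accounts that can unlock:    $(unlock_users "$3")"
  echo "login window after unlock:   $(second_login "$4")"
}

# Run against the live system only where the macOS tools exist (needs root).
if command -v fdesetup >/dev/null 2>&1; then
  audit "$(fdesetup status 2>/dev/null)" \
        "$(firmwarepasswd -check 2>/dev/null)" \
        "$(fdesetup list 2>/dev/null)" \
        "$(defaults read /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin 2>/dev/null)"
else  # constructed sample output, for reading the report off a Mac
  audit "FileVault is On." "Password Enabled: No" "alice,CONSTRUCTED-UUID-1" ""
fi
```

A standard account missing from the "accounts that can unlock" line cannot unlock the disk at pre-boot; it can only log in after an enabled account has already unlocked it.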