I have recently found that FileVault is disabled on my machine. Although I remember that I set "encrypt" option when I was setting the machine up.
I opened System Preferences and enabled FileVault. To my surprise it didn't take any time. I didn't have to wait while the data is encrypted. It just got instantly enabled.
My configuration: MacBook Air 2018, 256Gb SSD, macOS Mojave 10.14.1
I understood that the disk is not encrypted because I was able to access the content from my home directory from a guest session.
How does it possible that turning on FileVault doesn't take any time?
Best Answer
You have a new Mac with an SSD and T2 chip so all data on it is encrypted always. Any election you make in FileVault just adds and removes user keys from the trust chain so that happens basically instantly. However, when a FileVault credentialed user isn’t created, the system unlocks itself so the encryption door is always wide open.
The next time you restart, the system will notice that the first per-user key is now active and change the boot process so that the system won't unlock that storage and start the OS until your key unlocks the storage. Keep in mind, FileVault by default on APFS is all or nothing. When you unlock the storage, any account can read any files it has permission and you need your password to keep other users (guests) off your files and session.
You can inspect this by looking at
diskutil apfs list
to examine each APFS containers and synthesized volume encryption and lock status.Be sure to restart your machine and test the guest session scenario again. Only a full “Guest account” that’s set up in user preferences will keep your data marginally protected when you have an unlocked / unencrypted synthesized Macintosh HD boot / OS / user volume.