Encrypted Lion sleep/hibernate note
- Full-disk encryption is unlocked at power-on.
- Users not authorized to unlock the disk can use the system normally once it has been unlocked. (subject to random kernel panics...)
- Sleep does not lock the disk.
- Hibernate does.
- A sleeping Mac will automatically switch from sleep to hibernate if power is interrupted or the battery gets low.
- A sleeping Mac may switch to hibernate under other circumstances, such as "been asleep for X minutes". The hooks are there, but I haven't seen this behavior yet on one that's not low on battery.
- [Update] normally, when you shut down, you have the option to choose not to reopen applications on boot; if, however, other people are logged in, the override-and-shutdown-anyway dialog does not include this option. And, of course, you're not allowed to change the default behavior.
- [Update] If you wake up the machine while it's very low on battery power, and manage to enter your password before it insists on going back to sleep, then when you plug it in and wake it up, you will not be required to enter your password. The "emergency low-power" sleep does not re-lock the screen.
Taken separately, each piece makes perfect sense. It’s only in
combination that there are some surprising behaviors, which can become
even more fun when you add in some of the
Apple’s goal (incompletely implemented and rushed out the door) is to
blur the distinction between “on” and “off” at all levels, so that
your Mac, like your iPad, is always in the state you left it, whether
you put it to sleep, shut it off, crashed it, or whatever. For a
single-user, single-task device like the iPad, this is a reasonable
goal. For a laptop, especially one that doesn’t run only
Apple-supplied software and may be used in very different
environments, it may be the exact opposite of a good idea.
For a laptop that contains data sensitive enough to encrypt, it’s
downright stupid. Left Hand, go have a little chat with Right Hand
about what you’re doing, mmkay?