Disable suspend-to-disk on OS X

06 Jun 2013

So it seems like the memory is stored encrypted on the drive when sleeping the computer with FileVault2.

Good, so here is a guide for you who would like to save the storage space on your disks:

Old entry

Somewhat annoyed that I was unable to find any good info on whether OS X saves the memory dump to disk unencrypted or not when it suspends to disk (when using filevault2). This happens when the computer sleeps and power runs low.

To prevent cold boot attacks I decided to remove the functionality.

First I removed the image already saved to disk

sudo rm -P /var/vm/sleepimage

Then I shut down the functionality, so now it only sleeps with power on the memory, if battery runs low it shuts down and we lose the state we where in.

sudo pmset -a hibernatemode 0

If anyone can confirm that the memory dump is stored encrypted then please let me know since it would be a nice feature to turn back on.

blog comments powered by Disqus