10.7: Disable Secure Virtual Memory

Sep 21, '11 07:30:00AM

Contributed by: Michelasso

At least in the MacBooks the Secure (encrypted) Virtual Memory is enabled by default. The option to disable it has been removed from the Security & Privacy General preference panel. One may check if it is enabled by running in Terminal the following command:

$ sysctl vm.swapusage
vm.swapusage: total = 64.00M  used = 0.00M  free = 64.00M  (encrypted)
To disable it from Terminal on previous OS X versions one could issue the command
$ sudo defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -boolean no
But that doesn't work anymore. It seems that 'UseEncryptedSwap' has been replaced with 'DisableEncryptedSwap.' So to disable the Secure Virtual Memory in Lion, one should issue the command:
$ sudo defaults write /Library/Preferences/com.apple.virtualMemory DisableEncryptedSwap -boolean yes
And then reboot. Checking again the secure virtual memory status one gets:
$ sysctl vm.swapusage
vm.swapusage: total = 64.00M  used = 0.00M  free = 64.00M 
Which means the encryption has gone.

To re-enable it run the command:
$ sudo defaults write /Library/Preferences/com.apple.virtualMemory DisableEncryptedSwap -boolean no
And then reboot.

The advantage should be just a slightly less overhead on the page in & out process. Personally I disabled it because I am having massive page outs just running safari, and I want to test if the situation improves. Maybe disabling the secure memory bypasses some bugs. Still it is here for reference.

[crarko adds: It is just here for reference. I expect 99.9+% of people should leave encrypted VM active. Otherwise things such as your passwords can be found in plain text by searching the swap file(s).]

Comments (7)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20110920052038951