Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

Programatically Encrypt Virtual Memory

Encrypting virtual memory is a request I see more and more.  And touching a large number of machines to enable it en masse is a bit labor intensive.  The setting is stored in the /Library/Preferences/com.apple.virtualMemory.plist, in the UseEncryptedSwap key, a boolean key that can have either a yes or a no as the value.  By default it is disabled.  In order to enable it you would then use the following defaults command:
defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -bool yes
To then disable encrypted virtual memory programatically:
defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -bool no
I recently had a request to do this on systems that were already running full disk encryption.  It worked and the systems (from what we could tell) suffered no performance loss; however, I have to question why we would both to double-encrypt virtual memory…