Encrypting virtual memory is a request I see more and more. And touching a large number of machines to enable it en masse is a bit labor intensive. The setting is stored in the /Library/Preferences/com.apple.virtualMemory.plist, in the UseEncryptedSwap key, a boolean key that can have either a yes or a no as the value. By default it is disabled. In order to enable it you would then use the following defaults command:
defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -bool yes
To then disable encrypted virtual memory programatically:
defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -bool no
I recently had a request to do this on systems that were already running full disk encryption. It worked and the systems (from what we could tell) suffered no performance loss; however, I have to question why we would both to double-encrypt virtual memory…
