Safe-Sleep is a technology from Apple, similar to hibernation on Windows systems, that allows Mac OS X to save the contents of the entire RAM to the filesystem when the computer is put to sleep. This helps the system survive a complete power loss, for example when replacing batteries on the fly.
The entire contents of the RAM are stored in /private/var/vm/sleepimage completely unencrypted, even if the user explicitly configured FileVault or an encrypted swap. A possible reason for this is that sleepimage is a per-system, and not a per-user, file and thus completely unrelated to FileVault, and I guess that encryption is not possible since the firmware needs access to some contents of this file.
While Safe-Sleep could seem like a nice feature for Mac OS X, for me it constitutes a big threat to my privacy. In fact, I’ve seen my log-in password stored in plain text in /private/var/vm/sleepimage a couple of times, which, of course, scares me.
To disable Safe-Sleep, run the following command:
sudo pmset -a hibernatemode 0
If you ever want to re-enable Safe-Sleep, run the following command:
sudo pmset -a hibernatemode 3
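
A check for the procedure above, as an added example that is not part of the original post: setting hibernatemode to 0 stops new images from being written but does not delete an image that is already on disk, so the function below reports both the current mode and any leftover file. The sample pmset -g output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check that Safe-Sleep is off
# and that no earlier RAM image is still sitting on disk.
# On a Mac: pmset -g | audit_safe_sleep /private/var/vm/sleepimage

# Constructed sample of `pmset -g` output, so the script runs offline.
SAMPLE_PMSET='System-wide power settings:
Currently in use:
 standby              1
 hibernatemode        3
 hibernatefile        /var/vm/sleepimage
 sleep                10'

# Print the hibernatemode value read from stdin; fail if the key is absent.
get_hibernatemode() {
    awk '$1 == "hibernatemode" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# audit_safe_sleep IMAGE_PATH  (pmset -g text on stdin)
# Returns: 0 clean, 1 Safe-Sleep still enabled, 2 disabled but stale image
#          left on disk, 3 setting not found in the input.
audit_safe_sleep() {
    image=$1
    mode=$(get_hibernatemode) || { echo "hibernatemode not found"; return 3; }
    if [ "$mode" != "0" ]; then
        echo "hibernatemode=$mode: RAM is still written to $image on sleep"
        return 1
    fi
    if [ -s "$image" ]; then
        echo "hibernatemode=0, but $image still holds an earlier RAM image"
        return 2
    fi
    echo "hibernatemode=0 and no RAM image at $image"
    return 0
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PMSET" | audit_safe_sleep /private/var/vm/sleepimage || true
```

A return code of 2 means the old image should be removed after disabling Safe-Sleep, since it still contains whatever was in RAM when it was written.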