I recently purchased a MacBook Pro (late 2016) which now includes Touch ID, like the iPhones have had for a while. Although this is a very convenient addition, I am wondering how this affects the security of full disk encryption (with FileVault 2).
As far as I know, it is not possible to use a (biometric) fingerprint as an encryption/decryption key directly (which explains why you need to type in your password after rebooting the machine). This would mean that the password would need to be stored somewhere, unencrypted, which OSX "unlocks" after scanning the correct fingerprint.
(Admittedly, I'm not too familiar with how FileVault works in detail either, so maybe I'm missing something there.)
I'm assuming that the data is not unlocked all the time that my machine is powered on (after logging in for the first time), but I can't find any good articles on how this process works exactly. Anyone able to explain or point me in the right direction? Is enabling Touch ID in combination with FileVault considered more/less secure?