
jayhawk11

Original poster
Hey All,

Been digging around for a while here and can't seem to find any information about this.

If you're using FileVault 2 in 10.7, how does that handle installs that are split across two drives? E.g., SSD for OS + applications, but user accounts located on a separate HDD? Anyone have any feedback?

Thanks ahead of time!
 
You can have FileVault active on any or all of your disks as desired, at least within the restrictions of what volumes FileVault can encrypt.

So you can have both encrypted if you want.
 
I don't think there's a GUI for it yet, but have a look at the manpage for diskutil in the Terminal.

Something like

Code:
diskutil cs convert diskN -passphrase password

where diskN is your Optibay's disk identifier and password a passphrase you've chosen should work.
 
I just dug around a bit and found that Disk Utility can now format drives directly into an encrypted version of HFS+. So the question now becomes: can I unlock this drive at login and have my home folder on it?
 
I've been pondering this for a while, as you know..

As I understand it, you had Snow Leopard.. you have an SSD boot drive in the hard drive location, with OS + applications, and you have your (currently un-FileVaulted) user account on the hard drive in the OptiBay.

Now, you pointed this out to me before.. given that you have FileVault enabled for the boot drive, you can now format other drives as encrypted. *see below*
Screen_Shot_2011-07-23_at_5.02.08_PM.png


IF, you were to:
1. remove your Home Folder from this optibay hard drive (i.e. BACK IT UP)
2. erase the optibay hard drive
3. format it as encrypted
4. move the original Home Folder back onto the (newly) encrypted optibay hard drive
5. recreate the user account, using exactly the same shortname, but create it on the SSD.
6. THEN, go to system prefs->accounts->Ctrl+Click on the username and select "advanced options" and point the home directory to the newly encrypted optibay hard drive, where it should be.

maybe?
 
That was exactly what I was thinking, but there is one issue.
In Lion, ~/Library/ is a hidden folder, which means I'll have to use some terminal command to copy it all, which is easy enough. The problem arises in maintaining all the permissions; that I don't know how to do.
Might the solution be as simple as making a zip file containing everything on the drive?
 
Why don't you just show all hidden files? Then you can still copy/drag/whatever.

Zipping will remember file permissions, that's a great idea - or alternatively you can just reapply them later to your liking (make yourself owner obviously :p)
 
The solution is much simpler, I just realized: have Disk Utility make a disk image :)
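
For the permissions question raised in the posts above, here is an added example that is not from any poster in this thread: a third route, `tar -p`, copies the home folder (hidden `Library` included) and then checks that mode, owner and group match on both sides. The function names and the paths in the usage comment are constructed; on a real migration it would be run with `sudo` so ownership can be restored, and it does not check ACLs or extended attributes.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# copy_home SRC DST: copy everything under SRC (hidden entries such as
# Library included) into DST, keeping permission bits.
copy_home() {
    [ -d "$1" ] || { echo "no such source: $1" >&2; return 2; }
    mkdir -p "$2" || return 2
    # Archiving "." picks up dot-entries that a "*" glob would skip;
    # -p on extraction restores the recorded modes instead of applying umask.
    (cd "$1" && tar -cpf - .) | (cd "$2" && tar -xpf -)
}

# perm_manifest DIR: print "mode uid gid path" for every entry, sorted.
perm_manifest() {
    if stat -c %a / >/dev/null 2>&1; then
        st_flag='-c'; st_spec='%a %u %g %n'      # GNU stat
    else
        st_flag='-f'; st_spec='%Lp %u %g %N'     # BSD / Mac OS X stat
    fi
    (cd "$1" && find . -exec stat "$st_flag" "$st_spec" {} + | sort)
}

# verify_copy SRC DST: succeed only if both trees list the same entries
# with the same mode, owner and group.
verify_copy() {
    src_list=$(perm_manifest "$1") || return 2
    dst_list=$(perm_manifest "$2") || return 2
    [ "$src_list" = "$dst_list" ]
}

# Usage (constructed paths):
#   sudo sh copy_home.sh /Volumes/OldHDD/Users/me /Volumes/Encrypted/Users/me
if [ "$#" -eq 2 ]; then
    if copy_home "$1" "$2" && verify_copy "$1" "$2"; then
        echo "permissions match"
    else
        echo "MISMATCH between $1 and $2" >&2
    fi
fi
```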
 
I have the same configuration and ran into some trouble at this point: My main user is stored on an HDD, everything else is on my SSD (boot drive). I have been running this configuration successfully for a while now, but since I encrypted both drives, I cannot directly boot into my main user account and get this error message: "You are unable to log in to the user account "user" at this time."

The only workaround for now is logging into a second user account that is located on my boot drive (SSD), putting in the decryption key for my HDD and then switching to my main user account located on that HDD.

Any ideas on how to directly boot into a user account that is located on a second, encrypted HDD?
 
> I just dug around a bit and found that Disk Utility can now format drives directly into an encrypted version of HFS+. So the question now becomes: can I unlock this drive at login and have my home folder on it?

I can't answer the question, but I want to point something out about enabling the encryption.

Disk Utility will only encrypt during a format. This means it will trash any existing data. The command line given a few posts up will do an in-place encryption and will keep your existing data intact.

This applies to any disks using HFS+ other than the system boot drive and Time Machine. Those are encrypted via the Security applet in System Prefs and Time Machine's System Pref applet respectively.

Also, you can leave off the actual passphrase if you are paranoid about having the passphrase visible in the terminal window and your bash history file. You will be prompted for it.

Code:
diskutil cs convert diskN -passphrase
 
Progress?

I'm trying to do exactly the same thing as the OP describes. SSD hosting OS and Apps, user directory on a secondary HDD.

Things are working swimmingly, with one exception. As described in this blog post, I have to log in to an account local to the SSD (where I ran "diskutil cs convert disk1s2 -passphrase") in order to decrypt the HDD. Then I can log out and log in to my normal account just fine.

According to the aforementioned blog post this sounds like a bug, but I'm thinking it's doing exactly what you'd expect. The key seems to be getting the OS to decrypt the HDD as you login to the account.

Edit: From the comments on the Red Sweater Blog a gent posted this utility. I'm giving it a go and will let you know what I find out.

----------

Well, after a few taps in the ol' command line I'm in business. I can now login just fine to my normal user account that is encrypted and stored on the secondary drive.

I hope this helps the OP and anyone else who discovers this thread via a Google Search. (Like I did!)
 
Do you need to register to get the utility?
 
Can someone please confirm that the Windows Boot Camp partition can still access the Home folder following its encryption using FileVault? Both my Mac OS X and Windows systems share the same user data and it would be a shame if these were no longer accessible in Windows following their encryption.
 
Check out my thread. I could not get moving the home drive to work and Apple engineers say it will not work.

https://forums.macrumors.com/threads/1212296/

I have not tried the utility, which seems like it would work, but since I wasted 4 hours on this project already it would be nice if others could confirm that there are no unforeseen bugs.
 
I've gone back to 10.6.8 for now. With only around 20 GB of data on my Mac OS X system partition FileVault estimated 21 hours needed for encryption and Windows in Boot Camp no longer had access to the Mac OS X files. Since FileVault was one of the few new features of Lion I wanted to take advantage of there was no need for me to upgrade to 10.7. I've been using an SSD - OptiBay HDD configuration for almost two years now and need the 1.5 TB of total space.

Let's wait and see what happens when 10.7.1 arrives.
 
> Can someone please confirm that the Windows Boot Camp partition can still access the Home folder following its encryption using FileVault? Both my Mac OS X and Windows systems share the same user data and it would be a shame if these were no longer accessible in Windows following their encryption.

If you encrypt the HD holding the OS (in this case the SSD) you'll be prompted to decrypt on boot. This happens before the OS is loaded, and would only be applicable to that partition. Boot Camp would remain encrypted until you logged in to OS X at which point I believe the keychain would decrypt and mount the drive.

Correct me if I'm wrong (which I may be!), you'd not be able to access your encrypted OS X partitions when booted into Windows as Windows can not decrypt that partition.
 
You are correct. I just finished encrypting a Mac OS X partition and it wasn't visible in Windows. No sharing of documents between the two operating systems is possible in this case. I can access the Windows files from the Mac OS X partition (read only) but not the other way around.

A Windows virtual machine in Parallels Desktop will allow sharing with the Home folder between systems even when encrypted. I have not yet tested this when the home folder is assigned to a separate, internal encrypted partition via the OptiBay interface. But I suspect this would also be possible using the login workaround.

I'll have to look for another encryption alternative.
 