Encryption

Discussion in 'OS X Yosemite (10.10)' started by pops1368, Apr 3, 2015.

  1. pops1368 macrumors newbie

    Joined:
    Jan 17, 2014
    #1
    Hi,

    Apologies if this is in the wrong section.

    I have an early 2011 MacBook Pro and have a SSD and a secondary drive installed. I have recently decided to encrypt my MBP, which was pretty straight forward. However, when checking the secondary hard drive, I noticed that it had not been encrypted.

    This is where I really need your help, as it is doing my nut in. Please can someone advise me as to whether this even possible. If yes, how can I encrypt the secondary drive??

    Thanks
     
  2. dyt1983 macrumors 65816

    Joined:
    May 6, 2014
    Location:
    USA USA USA
    #2
    Assuming the drive is formatted with GUID, just right-click/two finger-click/ctrl-click the drive icon, and select "Encrypt".
     
  3. pops1368 thread starter macrumors newbie

    Joined:
    Jan 17, 2014
    #3
    Cool. Thanks dyt1983 I shall try that and fingers crossed it works.
     
  4. Michael Anthony macrumors regular

    Joined:
    Oct 18, 2012
    Location:
    Australia
    #4
    Backup your data first ;)

    Then make sure to securely erase the backup or encrypt the backup afterwards.
     
  5. pops1368 thread starter macrumors newbie

    Joined:
    Jan 17, 2014
    #5
    Cheers Michael, I have decided against Encrypting the secondary drive., as this is where my Home is and when I tried rebooting and logging in, I got an error message.
     
  6. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #6
    Possible answers/solutions

    It's not specific to Yosemite so the OS X sub-forum would be a better place; you can flag your own opening post with a request for moderators to move the topic.

    From the responses to your other recent topic – Unable To Login. – you might already realise that you can have, in a 'first' account, a keychain item to automatically unlock the logical volume for a 'second' account. That's my current routine, where my Core Storage encrypted ZFS home directory is in a different LVG from the LVG that stores the operating system.

    Today for you I found, in Ask Different: FileVault 2 encrypted disks with my home directory on a different drive – two complementary answers. That'll probably suit me, too; it's relatively simple.

    I'll test for myself then share results here.

    Other, more technical, points of reference

    Best Practices for Deploying FileVault 2 – Apple Technical White Paper (2012-08-17)

    libfvde wiki on GitHub – three or more good PDFs in that area.
     
  7. pops1368 thread starter macrumors newbie

    Joined:
    Jan 17, 2014
    #7
    Thanks for the the advice Graham, very much appreciated.
     
  8. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #8
    Success

    Confirmed, http://apple.stackexchange.com/a/25759/8546 is effective.

    Use the System keychain for the encrypted volume password item that grants access to CSUserAgent for the required logical volume. The attached screenshot is indicative of the appearance of an item of that type.

    After the operating system starts the LV will be unlocked, by the system, without user interaction. ​

    Side notes

    In my tests, this evening, things were sometimes too slow.

    Technically: a process began writing under the mount point before the mount of the required volume. However, my environment is unusual – a combination of ZFS and HFS Plus on a single physical disk. (ZFS alone would allow a speedier mount of the ZFS volume.) ​

    pops1368, I doubt that you'll find the same problem. Expect the unlocked LV to be at its mount point in good time.

    (If inot timely, the symptoms will be immediately recognisable – the Dock and desktop will appear as if you have logged in to a newly created account.)
     

    Attached Files:

Share This Page