Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

FileVault data drive?

S

safelder

macrumors member
Original poster
Jan 9, 2010
78
0
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_10 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8E600 Safari/6533.18.5)

FileVailt only seems to encrypt my boot drive. My home folder and user data resides on a separate drive. Is it possible to encrypt that data at rest using FileVault? Or do I need third party sw?
 
You can encrypt any drive (as long as it has enough free space for the corestoreage conversion) using:

Code: 
diskutil cs convert [device] -passphrase

You will be prompted to set the password.

BUT, if you encrypt the disk with your home directory and that disk is not the internal system disk, you may have problems logging in. There are other threads covering this and I don't think anyone had a perfect fit. The best that I saw so far was you have to boot and log in with a user who's directory is on the internal disk, mount the other disk, then you can log in as your primary user.
 
jc1350 said:
You can encrypt any drive (as long as it has enough free space for the corestoreage conversion) using:

Code: 
diskutil cs convert [device] -passphrase

You will be prompted to set the password.

BUT, if you encrypt the disk with your home directory and that disk is not the internal system disk, you may have problems logging in. There are other threads covering this and I don't think anyone had a perfect fit. The best that I saw so far was you have to boot and log in with a user who's directory is on the internal disk, mount the other disk, then you can log in as your primary user.
Click to expand...

That seems a bit too much of a hack method at the moment. Hopefully Apple will enable multiple internal drive encryption, I mean they are selling Mini's and Pro's with multiple drives now, so the concept isn't new.
 
marc11 said:
That seems a bit too much of a hack method at the moment. Hopefully Apple will enable multiple internal drive encryption, I mean they are selling Mini's and Pro's with multiple drives now, so the concept isn't new.
Click to expand...

It's not a hack method. It is the same method filevault2 uses to encrypt your volume. It is part of coreStorage. It is just the command line. You can view the man page, man diskutil and read all about it.
 
mrapplegate said:
It's not a hack method. It is the same method filevault2 uses to encrypt your volume. It is part of coreStorage. It is just the command line. You can view the man page, man diskutil and read all about it.
Click to expand...

Sorry I wasn't clear, I meant the need to log in, mount the data drive manually, etc isn't exactly how it works today. When I log in today, everything is mounted and ready to go, I do not need to log into my boot drive, then mount and log into my data drive manually. That seemed kind of like a hack to me.
 
marc11 said:
Sorry I wasn't clear, I meant the need to log in, mount the data drive manually, etc isn't exactly how it works today. When I log in today, everything is mounted and ready to go, I do not need to log into my boot drive, then mount and log into my data drive manually. That seemed kind of like a hack to me.
Click to expand...

I understand your point. It is not exactly the "Apple" way yet, but the only way for now.
 
jc1350 said:
You can encrypt any drive (as long as it has enough free space for the corestoreage conversion) using:

Code: 
diskutil cs convert [device] -passphrase

You will be prompted to set the password.

BUT, if you encrypt the disk with your home directory and that disk is not the internal system disk, you may have problems logging in. There are other threads covering this and I don't think anyone had a perfect fit. The best that I saw so far was you have to boot and log in with a user who's directory is on the internal disk, mount the other disk, then you can log in as your primary user.
Click to expand...

I have two system volumes (one personal, one work) on the internal disk. FileVault 2 allows me to encrypt one volume, but it fails on the second volume (says something about unsupport disk format). If I use the command line to encrypt the second volume, can I still boot from it like the first?

If I experiment and encrypt, what's the command line to unencrypt if it doesn't work?

Thanks,
Jeff
 
replace "convert" with "revert"

Open terminal and type 'man diskutil' to get all the options and syntax for diskutil.
 
FYI, it works. I'm not sure if this will apply to others, but if you have two bootable volumes on your disk, FileVault 2 will only allow you to encrypt one via the GUI. I was able to encrypt the second volume via:
Code: 
diskutil cs convert [device] -passphrase

And all works fine.

Jeff
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back