FileVault data drive?

Discussion in 'Mac OS X Lion (10.7)' started by safelder, Aug 10, 2011.

  1. safelder macrumors member

    Joined:
    Jan 9, 2010
    #1
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_10 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8E600 Safari/6533.18.5)

    FileVailt only seems to encrypt my boot drive. My home folder and user data resides on a separate drive. Is it possible to encrypt that data at rest using FileVault? Or do I need third party sw?
     
  2. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #2
    I recently read this, you can do it via command line, but I am not sure how safe it is. I too have been wondering if having just the boot drive which holds my applications and OS encrypted but not my data drive makes sense. I do not think it does, but I am worried about trying this command line encryption option...

    http://www.joshkerr.com/2011/06/using-file-vault-2-with-multiple-drives/
     
  3. jc1350 macrumors 6502a

    Joined:
    Feb 4, 2008
    #3
    You can encrypt any drive (as long as it has enough free space for the corestoreage conversion) using:

    Code:
    diskutil cs convert [device] -passphrase
    You will be prompted to set the password.

    BUT, if you encrypt the disk with your home directory and that disk is not the internal system disk, you may have problems logging in. There are other threads covering this and I don't think anyone had a perfect fit. The best that I saw so far was you have to boot and log in with a user who's directory is on the internal disk, mount the other disk, then you can log in as your primary user.
     
  4. safelder thread starter macrumors member

    Joined:
    Jan 9, 2010
    #4
    I share your worry. That just seems risky to me. Anybody try it?
     
  5. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #5
    That seems a bit too much of a hack method at the moment. Hopefully Apple will enable multiple internal drive encryption, I mean they are selling Mini's and Pro's with multiple drives now, so the concept isn't new.
     
  6. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #6
    It's not a hack method. It is the same method filevault2 uses to encrypt your volume. It is part of coreStorage. It is just the command line. You can view the man page, man diskutil and read all about it.
     
  7. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #7
    Sorry I wasn't clear, I meant the need to log in, mount the data drive manually, etc isn't exactly how it works today. When I log in today, everything is mounted and ready to go, I do not need to log into my boot drive, then mount and log into my data drive manually. That seemed kind of like a hack to me.
     
  8. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #8
    I understand your point. It is not exactly the "Apple" way yet, but the only way for now.
     
  9. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #9
    Yep thanks.
     
  10. blulite macrumors newbie

    Joined:
    Jul 2, 2011
    #10
    I have two system volumes (one personal, one work) on the internal disk. FileVault 2 allows me to encrypt one volume, but it fails on the second volume (says something about unsupport disk format). If I use the command line to encrypt the second volume, can I still boot from it like the first?

    If I experiment and encrypt, what's the command line to unencrypt if it doesn't work?

    Thanks,
    Jeff
     
  11. jc1350 macrumors 6502a

    Joined:
    Feb 4, 2008
    #11
    replace "convert" with "revert"

    Open terminal and type 'man diskutil' to get all the options and syntax for diskutil.
     
  12. blulite macrumors newbie

    Joined:
    Jul 2, 2011
    #12
    FYI, it works. I'm not sure if this will apply to others, but if you have two bootable volumes on your disk, FileVault 2 will only allow you to encrypt one via the GUI. I was able to encrypt the second volume via:
    Code:
    diskutil cs convert [device] -passphrase
    
    And all works fine.

    Jeff
     

Share This Page