FileVault with Optibay

Discussion in 'Mac OS X Lion (10.7)' started by jayhawk11, Jun 11, 2011.

  1. jayhawk11 macrumors 6502a

    jayhawk11

    Joined:
    Oct 19, 2007
    #1
    Hey All,

    Been digging around for a while here and can't seem to find any information about this.

    If you're using FileVault 2 in 10.7, how does that handle installs that are split across two drives? E.g., SSD for OS+Applications, but user accounts located on a separate HDD? Anyone have any feedback?

    Thanks ahead of time!
     
  2. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #2
    You can have FileVault active on any or all of your disks as desired, at least within the restrictions of what volumes FileVault can encrypt.

    So you can have both encrypted if you want.
     
  3. mulo macrumors 68020

    mulo

    Joined:
    Aug 22, 2010
    Location:
    Behind you
  4. tkermit macrumors 68030

    tkermit

    Joined:
    Feb 20, 2004
    #4
    I don't think there's a GUI for it yet, but have a look at the manpage for diskutil in the Terminal.

    Something like

    Code:
    diskutil cs convert diskN -passphrase password
    where diskN is your Optibay's disk identifier and password a passphrase you've chosen should work.
     
  5. mulo macrumors 68020

    mulo

    Joined:
    Aug 22, 2010
    Location:
    Behind you
    #5
    I just dug around a bit and found that Disk Utility can now format drives directly into an encrypted version of HFS+. So the question now becomes, can I unlock this drive at login and have my home folder on it?
     
  6. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #6
    I've been pondering this for a while, as you know..

    as I understand it, you had Snow Leopard.. you have an SSD boot drive in the hard drive location - with OS + applications. and you have your (currently un-FileVaulted) user account on the hard drive in the optibay.

    now, you pointed out this to me before.. given that you have filevault enabled for the boot drive - you can now format other drives as encrypted. *see below*

    IF, you were to:
    1. remove your Home Folder from this optibay hard drive (i.e. BACK IT UP)
    2. erase the optibay hard drive
    3. format it as encrypted
    4. move the original Home Folder back onto the (newly) encrypted optibay hard drive
    5. recreate the user account, using exactly the same shortname, but create it on the SSD.
    6. THEN, go to system prefs->accounts->Ctrl+Click on the username and select "advanced options" and point the home directory to the newly encrypted optibay hard drive, where it should be.

    maybe?
     
  7. mulo macrumors 68020

    mulo

    Joined:
    Aug 22, 2010
    Location:
    Behind you
    #7
    that was exactly what I was thinking, but there is one issue.
    in Lion ~/Library/ is a hidden folder, which means I'll have to use some terminal command to copy it all, which is easy enough, the problem arises in maintaining all the permissions? that I don't know how to do.
    might the solution be as simple as making a zip file containing everything on the drive?
     
  8. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #8
    why don't you just show all hidden files? then you can still copy/drag/whatever.

    zipping will remember file permissions, that's a great idea - or alternatively you can just reapply them later to your liking (make yourself owner obviously :p)
     
  9. mulo macrumors 68020

    mulo

    Joined:
    Aug 22, 2010
    Location:
    Behind you
    #9
    the solution is much simpler, I just realized, have disk utility make a disk image :)
     
  10. 987S macrumors newbie

    Joined:
    Aug 9, 2011
    #10
    I have the same configuration and ran into some trouble at this point: My main-user is stored on a HDD, everything else is on my SSD (Bootdrive). I am running this configuration successfully for a while now, but since I encrypted both drives, I cannot directly boot into my main user-account and get this error message: "You are unable to log in to the user account "user" at this time."

    Only workaround for now is logging into a second user account that is located on my boot drive (SSD), put in the decryption key for my HDD and then switch to my main user account located on that HDD.

    Any ideas on how to directly boot into a user account that is located on a second, encrypted HDD?
     
  11. jc1350, Aug 9, 2011
    Last edited: Aug 9, 2011

    jc1350 macrumors 6502a

    Joined:
    Feb 4, 2008
    #11
    I can't answer the question, but I want to point something out about enabling the encryption.

    Disk Utility will only encrypt during a format. This means it will trash any existing data. The command line given a few posts up will do an in-place encryption and will keep your existing data intact.

    This applies to any disks using HFS+ other than the system boot drive and Time Machine. Those are encrypted via the Security applet in System Prefs and Time Machine's System Pref applet respectively.

    Also, you can leave off the actual passphrase if you are paranoid about having the passphrase visible in the terminal window and your bash history file. You will be prompted for it.

    Code:
    diskutil cs convert diskN -passphrase
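
The point above about a passphrase typed after `-passphrase` ending up in the bash history file, as an added example that is not part of any post in this thread: a POSIX shell audit that finds such history entries and masks them. The function names and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# A diskutil command where -passphrase is followed by a value. The prompted
# form (nothing after -passphrase) and -stdinpassphrase do not match.
PATTERN='diskutil[[:space:]].*[[:space:]]-passphrase[[:space:]]+[^[:space:]]'

# Constructed sample history; entries 3 and 5 expose a passphrase.
write_sample_history() {
    cat > "$1" <<'EOF'
diskutil list
ls -la /Volumes
diskutil cs convert disk1s2 -passphrase hunter2-constructed
diskutil cs convert disk1s2 -passphrase
sudo diskutil coreStorage convert disk2s2 -passphrase "two words"
diskutil cs convert disk1s2 -stdinpassphrase
EOF
}

# Print "LINE:command" for each exposed entry, masking the secret so the
# audit output does not leak it again.
scan_history() {
    grep -nE "$PATTERN" "$1" |
        sed -E 's/([[:space:]]-passphrase)[[:space:]]+.*$/\1 <REDACTED>/'
}

# Number of exposed entries (grep -c exits 1 on zero matches, hence || true).
count_exposed() {
    grep -cE "$PATTERN" "$1" || true
}

# Strip the secret in place, leaving the prompted form of the command.
# Writing back with cat keeps the history file's existing mode and owner.
redact_history() {
    tmp=$(mktemp) || return 1
    sed -E "/$PATTERN/ s/([[:space:]]-passphrase)[[:space:]]+.*\$/\\1/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Demo on the constructed sample.
demo=$(mktemp)
write_sample_history "$demo"
scan_history "$demo"
redact_history "$demo"
echo "exposed after redaction: $(count_exposed "$demo")"
rm -f "$demo"
```

bash writes its in-memory history to the file when a session exits, so an entry typed in a still-open session reappears unless that session's history is cleared as well.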
     
  12. ckoerner macrumors newbie

    ckoerner

    Joined:
    May 21, 2006
    Location:
    St. Louis, MO
    #12
    Progress?

    I'm trying to do exactly the same thing as the OP describes. SSD hosting OS and Apps, user directory on a secondary HDD.

    Things are working swimmingly, with one exception. Described in this blog post, I have to log in to an account local to the SSD (where I ran "diskutil cs convert disk1s2 -passphrase") in order to decrypt the HDD. Then I can log out and log in to my normal account just fine.

    According to the aforementioned blog post this sounds like a bug, but I'm thinking it's doing exactly what you'd expect. The key seems to be getting the OS to decrypt the HDD as you login to the account.

    Edit: From the comments on the Red Sweater Blog a gent posted this utility. I'm giving it a go and will let you know what I find out.

    ----------

    Well, after a few taps in the ol' command line I'm in business. I can now login just fine to my normal user account that is encrypted and stored on the secondary drive.

    I hope this helps the OP and anyone else who discovers this thread via a Google Search. (Like I did!)
     
  13. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #13

    Do you need to register to get the utility?
     
  14. ckoerner macrumors newbie

    ckoerner

    Joined:
    May 21, 2006
    Location:
    St. Louis, MO
    #14
  15. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #15
  16. ssn637 macrumors 6502

    Joined:
    Feb 12, 2009
    Location:
    Switzerland
    #16
    Can someone please confirm that the Windows Boot Camp partition can still access the Home folder following its encryption using FileVault? Both my Mac OS X and Windows systems share the same user data and it would be a shame if these were no longer accessible in Windows following their encryption.
     
  17. adjuster, Aug 16, 2011
    Last edited: Aug 16, 2011

    adjuster macrumors member

    Joined:
    Nov 29, 2007
    #17
    Check out my thread. I could not get moving the home drive to work and Apple engineers say it will not work.

    http://forums.macrumors.com/showthread.php?t=1212296

    I have not tried the utility, which seems like it would work, but since I wasted 4 hours on this project already it would be nice if others could confirm that there are no unforeseen bugs.
     
  18. ssn637 macrumors 6502

    Joined:
    Feb 12, 2009
    Location:
    Switzerland
    #18
    I've gone back to 10.6.8 for now. With only around 20 GB of data on my Mac OS X system partition FileVault estimated 21 hours needed for encryption and Windows in Boot Camp no longer had access to the Mac OS X files. Since FileVault was one of the few new features of Lion I wanted to take advantage of there was no need for me to upgrade to 10.7. I've been using an SSD - OptiBay HDD configuration for almost two years now and need the 1.5 TB of total space.

    Let's wait and see what happens when 10.7.1 arrives.
     
  19. ckoerner macrumors newbie

    ckoerner

    Joined:
    May 21, 2006
    Location:
    St. Louis, MO
    #19
    If you encrypt the HD holding the OS (in this case the SSD) you'll be prompted to decrypt on boot. This happens before the OS is loaded, and would only be applicable to that partition. Boot Camp would remain encrypted until you logged in to OS X at which point I believe the keychain would decrypt and mount the drive.

    Correct me if I'm wrong (which I may be!), you'd not be able to access your encrypted OS X partitions when booted into Windows as Windows can not decrypt that partition.
     
  20. ssn637, Aug 17, 2011
    Last edited: Aug 17, 2011

    ssn637 macrumors 6502

    Joined:
    Feb 12, 2009
    Location:
    Switzerland
    #20
    You are correct. I just finished encrypting a Mac OS X partition and it wasn't visible in Windows. No sharing of documents between the two operating systems is possible in this case. I can access the Windows files from the Mac OS X partition (read only) but not the other way around.

    A Windows virtual machine in Parallels Desktop will allow sharing with the Home folder between systems even when encrypted. I have not yet tested this when the home folder is assigned to a separate, internal encrypted partition via the OptiBay interface. But I suspect this would also be possible using the login workaround.

    I'll have to look for another encryption alternative.
     
  21. ckoerner macrumors newbie

    ckoerner

    Joined:
    May 21, 2006
    Location:
    St. Louis, MO
    #21
  22. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #22
