FileVault

Discussion in 'Mac Pro' started by jakesaunders27, Jan 7, 2014.

  1. jakesaunders27 macrumors 6502a

    jakesaunders27

    Joined:
    Jan 23, 2012
    Location:
    United Kingdom
    #1
    Hi,
    I have a RAID 1 setup in my Mac Pro, I want to encrypt it using FileVault as someone could easily pull the drives out and get at the data. How does it work, if I need to reinstall the system can I just go back in and turn it off?

    Cheers
     
  2. deconstruct60 macrumors 604

    Joined:
    Mar 10, 2009
    #2
    FileVault2 requires that you have a HD Recovery partition on your start up volume. If you have a separate start-up volume and this RAID 1 is are two other disks it should work.

    Otherwise
    "... Please note that OS X Recovery must be present on the computer's startup volume in order to use FileVault 2. Using RAID partitions or a non-standard Boot Camp partition on the startup disk may prevent OS X from installing a local Recovery system. See "OS X: Some features of Mac OS X are not supported for the disk (volume name)" for more information. ..."
    http://support.apple.com/kb/HT4718


    FileVault2 is essentially a special mode of CoreStorage(CS). What you get is a virtual volume that also happens to be encrypted. Since it is a managed, virtual volume you can turn the encryption off and Core Storage will essentially decryption your whole volume. So yes you can turn it off. (will still need the HD Recovery to hang around. )

    What is tricky if your start-up volume is a software RAID 1 is that need both recovery, but also two same sized partitions to mirror across. Both are essentially provisioned through diskutil ( RAID features and CS encryption , Filevalut)

    https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/diskutil.8.html

    CoreStorage can take Apple RAID set UUIDs as arguments.
     
  3. haravikk, Jan 7, 2014
    Last edited: Jan 7, 2014

    haravikk macrumors 65816

    Joined:
    May 1, 2005
    #3
    I have a slightly more complex setup in that I have an AppleRAID-0, joined with an SSD which is my startup volume. It runs great now, but it was a pain to get it set-up.

    If you're going to be wiping the drives anyway, then I recommend installing OS X onto one of them in order to create the Recovery Partition. If you like you could even copy that structure onto the second drive as well (or run the installer again, just keep a copy handy as it has a tendency to delete itself), as this gives you two Recovery Partitions, keeping you covered just like a RAID-1 should.

    Then you can use the main partition of each disk to create your RAID-1, then convert that into your new Core Storage volume; unfortunately this will wipe it again, requiring a further installation to finish the process, but it shouldn't encounter any errors (unlike all the other methods I've tried). Once you've got OS X setup you just enable FileVault 2, run through the setup wizard and restart; if everything's gone smoothly then Core Storage will start encrypting everything in the background.

    It seems a bit longwinded I know, but I've tried setting up the partitions and RAID first and the OS X installer just hates it; the really annoying thing is that it may even run through a big part of the installation before actually failing too, so I now prefer to do the single disk install first as that way it should definitely succeed, and you then know exactly how big the partitions on the other disk need to be, or can clone it whatever.


    To answer your other question; yes FileVault is pretty easy to turn off, in fact if you run into any issues while setting it up for the first time it'll switch itself off if you power down your computer. One thing to keep in mind is that if you use a Bluetooth keyboard and mouse then you may need to connect a wired keyboard to enter your password for the first time, after that though your Bluetooth keyboard should work. It's also worth noting that because the FileVault login occurs before the OS starts up, some devices may not work at all; for example I find that my Logitech mouse won't work at all during FileVault login, though you only need the keyboard for that so it's no big deal, it also seems that some hubs may not work. I recommend you just try it and see, but if you find an input device won't work then you can try connecting it directly to your machine.
     

Share This Page