FileVault2 + Encrypted TimeMachine + Encrypt External HD + SuperDuper!

Discussion in 'OS X Mountain Lion (10.8)' started by gguerini, Jan 8, 2013.

  1. gguerini macrumors regular


    Jun 28, 2007
    Hello guys,

    I'm setting up my new backup plan and making my data more secure. This is my setup:

    "Macbook Air" -> FileVault 2

    "External HD 1" (3TB)
    - Partition A -> TimeMachine Encrypted
    - Partition B -> Photos, Music, Videos and Personal Data -> Built-in Mountain Lion Encryption (finder, right click: Encrypt HD)

    On top of that, I use CrashPlan to backup up the content of my personal data on "HD 1".

    As you can see, I have a local copy of the data and a copy in the "cloud", and everything is encrypted.

    So far so good. My question is:

    I have a second External HD (same model, same size, same partitions). I'd would like to use SuperDuper! do mirror the "HD 1". So I would have two local copies of my TimeMachine backups and two local copies of all of my data.

    How SuperDuper! will manage the encryption, since my HD1 is encrypted? Should I encrypt manually the "H2" or SuperDuper! will mirror the encryption automatically?

    I can provide more details, if needed.

    Thank you very much!

  2. calabi macrumors regular

    Dec 28, 2007
    Hello! I've love to do something similar, did you ever get it working?
  3. Xe89 macrumors regular

    Oct 23, 2009
    You must encrypt the external hard drive with Disk Utility before setting it up with SuperDuper. The hard part is to make the encrypted SuperDuper clone bootable.

    I followed the advice on this page:

    The page seems to be gone, but I have saved it, so here it is:

    How to boot from an encrypted external volume

    I have recently been emaling Dave Nanian over at Shirt Pocket, who coded SuperDuper, one of the best Mac hard drive cloning apps out there. The reason why I was pestering Dave is because I wanted to find a way to encrypt the external drive that I was cloning too but still have it bootable in the event that my internal drive died. It was this last part that was stumping me.

    Basically I followed the procedure for creating an encrypted external drive, cloned my internal onto the encrypted external using SuperDuper and by going into options and selecting Smart Update. The backup finished successfully but when I tried to boot from it by holding down the alt/option key at boot time, the drive wasn't even recognised.

    So I wrote to Dave (again, I have been pestering him a lot) and mentioned to him that it wasn't working because (in my opinion), there was no way to enter the password for the drive in order for it to decrypt and boot. He suggested to me that I should first boot into the system as normal with the encrypted external connected and then in system preferences, to click on the startup disk and select the external as my startup disk and restart. Admittedly I was skeptical but I gave it a try. And it worked!

    The drive started up, asked me for the password and then booted to the logon screen, I entered my login password and got to the desktop and I then had to enter the password for the internal drive which is also encrypted (FileVault 2), in a sense it's more paranoid than a standard login as I needed three passwords to get to everything (and I'm a good boy, those were three different passwords). This was all well and good though but it would do no good if the computer couldn't boot from the disk on a cold start (i.e. being able to boot from the external drive as soon as you power it on, without having to first boot from the internal drive and go into the operating system). This was something I had mentioned to Dave in the email and in his response, where he had suggested restarting via the prefpane in system preferences, he had also said that the drive should be recognised afterwards when starting from a cold start and holding down the alt/option key. So as the guy was on a roll, I tried it and sure enough it worked.

    I can honestly say now, that discounting the times that SuperDuper has saved me in the past, that single piece of advice there and the help that Dave gave me more than made the license worth it.

    So just to summarise the steps and spare you all of my waffle;

    Creating an External Encrypted Clone and then Booting from it

    In Disk Utility

    Select the external drive
    In the right-hand window click on the Erase tab
    For format select Mac OS X (Journaled, Encrypted), enter a password and click erase

    In SuperDuper (Once the encrypted disk is ready)

    Click the copy menu and select your source drive
    Click the to menu and select your encrypted backup drive
    Leave using to Backup - all files
    Click the Options button, tick repair permissions and underneath During Copy Select Smart Update
    Click the menu under On successful completion and select Do Nothing
    Click Ok
    Click Copy Now and confirm that you do want to start the copy.
    Now depending on how large your drive is, this can take a while, so go read, sleep, eat, whatever. Once it's finished comes the important part, if you don't do this step, you won't be able to boot from the external drive directly later on, when you may need it.

    In System Preferences

    Click Startup Disk
    Select your external, encrypted clone and click the restart button
    The computer will now restart, it will take a couple of seconds but then it will ask for the password that you used to encrypt the external drive (NB: This is not your login password, unless of course you used the same password when encrypting the drive), enter it.

    The computer will continue booting into the Logon screen, enter your logon password now
    Once at the desktop, you will receive another password prompt, this time for you internal drive (if you have it encrypted), enter it now.
    Wait a short while now for everything to finish booting etc and then restart the computer.
    As soon as the screen goes black, press and hold the alt/option key, after a few seconds the boot menu should appear showing you your available drives.
    In my case I can see the internal drive and the external drive (for some reason the recovery partition doesn't show up but it's there, I checked). If the external drive shows up, then it worked. If you get a password prompt (remember the external is still set as the main boot drive), then you missed the boot menu, press restart at the bottom and try again.

    That's it, you should now have a working, bootable, external encrypted drive to backup to and boot from.
  4. calabi macrumors regular

    Dec 28, 2007
  5. Xe89 macrumors regular

    Oct 23, 2009
    Please post your results here, it's always good to know if the method still works.
  6. calabi macrumors regular

    Dec 28, 2007

    Sorry it took me so long to try this out, but I've followed the instructions above and it worked perfectly. Instead of using your password to unlock the drive you use the passphrase and it continues to boot into standard Mac OS X logon screen. This was tested on Mavericks.


Share This Page