Unlock to encrypt?

[Texas_Toast]

I have an external drive that I am trying to encrypt.

After I reboot my Mac, is it true that I have to first "unlock" the external drive before FileVault 2 will continue encrypting it?

In the past when I tried to encrypt an external it seemed like it didn't pick up until I logged into the external drive.

 

[Weaselboy]

The first time you attached the disk after it is encrypted, you should get a popup asking for the password. In that same popup there is an option to save that password in Keychain. If you check that option the drive will mount and unlock all on its own when attached. Otherwise, you will need to manually enter a PW each time.

 

[Texas_Toast]

The first time you attached the disk after it is encrypted, you should get a popup asking for the password. In that same popup there is an option to save that password in Keychain. If you check that option the drive will mount and unlock all on its own when attached. Otherwise, you will need to manually enter a PW each time.

That wasn't the question.

Let me try again...

I have an external HDD that holds a clone of my Mac.

I plugged in the drive, booted to it, and the turned on FileVault 2 to start the encryption process.

What I want to know is this...

If I boot to my Mac's internal SSD, and the external drive is plugged in, is that enough so that FileVault 2 will continue encrypting my external drive?

Or, when I boot up to my Mac, must I also "unlock" the external drive so that FV2 can keep encrypting the external drive? <==== This is what I believe is necessary.

Or, must I boot up to my external drive for FV2 to keep encrypting my external drive?

Follow me now?

(If macOS wasn't such a pain in the ass and would allow you to see the status of FV2 on any drive booted as any drive I'd probably be able to answer my own question, but as macOS is set up, you can't know what is happening unless it is the drive you booted to.)

 

[Weaselboy]

Or, must I boot up to my external drive for FV2 to keep encrypting my external drive?

Ah.... gotcha. I have never tested doing exactly what you are, but I think you are going to need to be booted to that drive to finish.

 

[DeltaMac]

Hmmm... I don't think you would need to boot to a system on an external drive, just to finish encryption.
What about a drive that has no bootable system at all?
Can you NOT encrypt a drive without a bootable system, only files?
Pretty sure that's incorrect.

I would expect that if you need to access the drive, then you will get a popup to unlock the drive, even if the encryption progress has not finished, and the encryption process won't notify, nor affect you in any way (although it would probably remain true unless you try to move the drive to a different computer, while it still has an unfinished encryption. Not sure what would happen in that event (?)

 

[Texas_Toast]

Ah.... gotcha. I have never tested doing exactly what you are, but I think you are going to need to be booted to that drive to finish.

I'm pretty sure that if you boot to your main drive and then unlock the external drive that FV2 will keep encrypting.

Can anyone confirm that?

However, I think if you boot to your main drive and do not unlock the external drive then FV2 will sit idle.

Again, I'm not certain, and there is no way for me to see what is going on while booted to my main drive.

Thanks.

 

[Weaselboy]

The reason I think you may need to be booted to it is this is not the same as just right clicking and encrypting an external drive. FC on a boot drive does more than just encrypt... it makes changes to the recovery volume and boot process also.

If you run the first command for HFS or the second for APFS, it will show the conversion process/progress.

diskutil cs list

diskutil apfs list

 

[DeltaMac]

The reason I think you may need to be booted to it is this is not the same as just right clicking and encrypting an external drive. FC on a boot drive does more than just encrypt... it makes changes to the recovery volume and boot process also.

If you run the first command for HFS or the second for APFS, it will show the conversion process/progress.

Ah, OK, I forgot that bit... Tx Weaselboy
I agree, booting to the external drive is likely necessary for FV to complete.

 

[PBG4 Dude]

Here is the manpage for fdsetup. You'll probably want to follow the directions on this link to pull up the most current manpage on your Mac, but this will give you an idea of what you can do with fdsetup:

https://developer.apple.com/legacy/...arwin/Reference/ManPages/man8/fdesetup.8.html

 

[Texas_Toast]

Hmmm... I don't think you would need to boot to a system on an external drive, just to finish encryption.
What about a drive that has no bootable system at all?
Can you NOT encrypt a drive without a bootable system, only files?
Pretty sure that's incorrect.

You can encrypt an external drive that is not botoable, but I'm not sure if that happens via FileVault 2.

From what I have read, there seems to be an entirely different process for going into System Preferences and using FV2 to encrypt a drive versus right-clicking on a drive on your Desktop.

I would expect that if you need to access the drive, then you will get a popup to unlock the drive, even if the encryption progress has not finished,

Right, that is what I implied on my OP. When I boot to my Mac with the external drive plugged in, I get a pop-up asking if I want to unlock the external drive.

And the my question is, "If I did not unlock the external drive, would it sit idle?"

From what I recall, if you don't boot to the external drive or at least unlock it, FV2 will not continue.

But then I'm not certain and I have no way to be certain.

and the encryption process won't notify, nor affect you in any way (although it would probably remain true unless you try to move the drive to a different computer, while it still has an unfinished encryption. Not sure what would happen in that event (?)

If you yanked out the drive you run the risk of corruption and then you are SOL...

If you eject the disk, it shouldn't hurt FV2.

 

[DeltaMac]

You ALWAYS run some risk (even without any level of encryption) if you "yanked out the drive" without a normal eject process. But, yes, the encryption process would be an even possibly worse scenario when "yanking" your drive.
Just my opinion, I would recommend that you should never do that, barring a real emergency, I suppose.
(Weaselboy post #7 has terminal commands that should show the status on encryption. That would be helpful for your question.

 

[Texas_Toast]

You ALWAYS run some risk (even without any level of encryption) if you "yanked out the drive" without a normal eject process. But, yes, the encryption process would be an even possibly worse scenario when "yanking" your drive.
Just my opinion, I would recommend that you should never do that, barring a real emergency, I suppose.
(Weaselboy post #7 has terminal commands that should show the status on encryption. That would be helpful for your question.

I'll have to do a test tonight...

Boot up to my main drive, don't unlock my external, and see if it makes any progress.

Have been switching drives so much during setup it felt like my external wasn't moving anywhere, but I don't know.

Sounds like nobody here was 100% certain on my OP.

I'll post an update later.

 

[Texas_Toast]

The reason I think you may need to be booted to it is this is not the same as just right clicking and encrypting an external drive. FC on a boot drive does more than just encrypt... it makes changes to the recovery volume and boot process also.

If you run the first command for HFS or the second for APFS, it will show the conversion process/progress.

diskutil cs list

diskutil apfs list

It appears that you have to either boot to the drive you want to encrypt or you have to at least "unlock" it.

When I booted to my main drive and ran diskutil cs list it showed the external drive's encryption was "paused".

After I typed in a password and "unlocked" it, then "Conversion Process" shows 79%. (I can now also see a flashing blue light on my external drive.)