10.7: Using FileVault2 to encrypt a second hard drive with user folders

Sep 07, '11 07:30:00AM

Contributed by: rakmod

FileVault2 is an excellent addition to Lion. Amusingly, though, Apple has done exactly the same thing Microsoft did when it introduced BitLocker in Vista (which it corrected with Windows 7): Apple has made it easy to encrypt the system drive, and difficult to encrypt other drives.

This hint describes how to place a user home directory on a FileVault2 encrypted partition on a second hard drive and have that partition load automatically on boot.

The primary issue is that when the user home directory is on a secondary encrypted drive, that drive will not automatically unlock when the user logs on, which results in a logon error for that user. Once unlocked, the partition with the user home directory will mount automatically.

Note: Once these operations have been performed, Disk Utility cannot be used to modify the second disk. Terminal and diskutil need to be used instead.


Once you have all that, here are the instructions for setting up the encryption:
[crarko adds: I haven't tested this one. I'd suggest trying this one with a test system and user to get comfortable with the process before trying it on a production machine. At minimum, have a known good backup of everything.]

