Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Encrypt almost any disk in Mountain Lion System 10.8
With Mountain Lion, you can now use the OS to encrypt disks other than the startup volume, assuming they are in GUID format. This includes USB flash drives and external Firewire/USB/ThunderBolt drives.

In the Finder, open a new window. Find your mounted (GUID) drive in the sidebar.

Control-click on the drive in the sidebar, then choose "Encrypt <drive name>." You are now prompted for your password and a hint (which is required). You will get no feedback, so wait for a few minutes; the time depends on the size of the drive.

The drive should unmount and mount again. Once this happens, your drive is encrypted.

If you choose your startup volume, this will enable FileVault II. Other drives do not enable FileVault II.

[kirkmc adds: I, for one, think this is pretty nifty. I know a lot of people who have two drives in an older laptop, where they replaced the optical drive with an SSD. Being able to encrypt the non-boot drive is quite practical, and being able to encrypt a portable drive even better.

It should be noted that there's no feedback during the encryption process. The only way you know something is happening is if the drive has an LED that shows read/write activity. And the process can take a long time; even for a 1 GB flash drive, where I tested it, it took several minutes.

Another thing to note is that an encrypted drive doesn't show up in Disk Utility. So if you need to erase that drive, you have to right-click on the drive's name and choose "Decrypt <drive name>."]
    •    
  • Currently 3.38 / 5
  You rated: 2 / 5 (8 votes cast)
 
[11,001 views]  

Encrypt almost any disk in Mountain Lion | 6 comments | Create New Account
Click here to return to the 'Encrypt almost any disk in Mountain Lion ' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Encrypt almost any disk in Mountain Lion
Authored by: TheFLP on Jul 30, '12 08:07:20AM

I avoided File Vault in Lion because it reportedly didn't work well in my situation: two internal drives (SSD and HDD), with my Home directory on the secondary HDD drive. If I remember right, it wouldn't decrypt the secondary drive until after logging in, which is a problem when your user account is on that drive.

Any change there? I'm a little averse to experiments that might make the machine unbootable. But I'd really like to encrypt my drives for peace of mind.



[ Reply to This | # ]
Encrypt almost any disk in Mountain Lion
Authored by: ckoerner on Jul 30, '12 09:10:32AM
I too had the same difficulty and gave up on encrypting the secondary drive hosting my user folder. I wrote about it here about a year ago. At the time the utility Unlocked seemed to solve the problem. (I ended up abandoning the encryption of the secondary drive as I also wanted a BootCamp partition on the secondary HDD.)

[ Reply to This | # ]
Encrypt almost any disk in Mountain Lion
Authored by: TheFLP on Jul 30, '12 10:06:48AM

Hmm. I've had problems with launchd items that are supposed to run at (before?) login, but maybe with this utility I'll have better luck. (In related news, pigs fly!)

I don't use BootCamp, so that's one complication I don't have to deal with. ;)

Maybe this weekend I'll feel brave enough to try it. Thanks!



[ Reply to This | # ]
Encrypt almost any disk in Mountain Lion
Authored by: firedune on Jul 30, '12 10:14:57PM

I got an error: "MediaKit reports block size error, usually caused by not being a multiple of 512."

anyone knows what is the problem and how I can fix it.



[ Reply to This | # ]
Encrypt almost any disk in Mountain Lion
Authored by: Waffles on Aug 01, '12 05:25:15AM

You can use the command line to do lots of stuff with encrypted CoreStorage volumes that you can't do with Disk Utility, such as see the progress of drive encryption operations and modify/add/delete partitions on an encrypted volume. The relevant commands begin with "diskutil cs" or "diskutil coreStorage" (without the quotes, of course). See this page for a nice rundown of what's currently possible: http://blog.fosketts.net/2011/08/05/undocumented-corestorage-commands/



[ Reply to This | # ]
Encrypt almost any disk in Mountain Lion
Authored by: aalegado on Jun 12, '13 03:17:16PM

I recently began encrypting the boot drive and external drives on my system and have some observations to offer regarding the encryption of the non-boot volumes:

  1. Besides disk activity LEDs (if any), you can also use the
    diskutil cs list
    command to list all the Core Storage volumes and encryption progress. In the Logical Volume section there will "Size (Total)" and "Size (Converted)" fields. The "Size (Converted)" field will show a byte-count during the encryption process. The output of the command is static so to see progress you must re-issue the command to see that the byte-count is actually incrementing.
  2. Once I started the encryption process for a given volume, if I then issued the
    diskutil cs list
    command I would not see a complete record tree for that volume. By complete record tree I mean a record with Logical Volume Group entry, a Physical Volume entry, a Logical Volume Family entry, and a Logical Volume entry. What I did see was an entry with a status of "Offline" and no way to see any progress. After restarting the system, if I then issued the
    diskutil cs list
    command I would see appropriate activity (the "Size (Converted)" field showing an increasing byte-count)
  3. It is safe to restart the system even while volume(s) are being encrypted. After the system restarts, the encryption process for each volume being encrypted will pick-up where it left off.
  4. After the system restarts and once you've logged-in, the Finder will query you for the password for the volume you started to encrypt in the previous session. You'll want to have the password handy either on a piece of paper or, in my case, via a secure note stored in 1Password. You'll want to store the password in the Keychain if you want to avoid having to enter the password for all your encrypted volumes at mount-time.

Item #3 is worth singling-out: In researching FileVault and whole volume encryption I found references to one user's experience where an encryption process was somehow corrupted across a system restart. The experience did not account for why/how the corruption took place but until I verified the actual behavior myself, it was implied that restarting the system after initiating the encryption process was not advisable. In my case the encryption processes have survived multiple system restarts since I restarted the system after initiating the encryption process for each of (so far) two volumes.

Encryption is slow—I'm seeing about 60-65GB/hr. on late 2012 Mac mini Server (2.3GHz Core i7)—but you do have unfettered access to the volume(s) while they are being encrypted.

Edited on Jun 12, '13 03:25:40PM by aalegado


[ Reply to This | # ]