
Use an SSD boot drive and keep Users on an encrypted data drive System 10.8
Recently I became so sick of the slowness of my MacBook Pro (late 2011 model), which has a 2.4 GHz Intel Core i5 with 16 GB RAM running Mountain Lion 10.8.2, that I decided to buy a 120 GB Kingston SVP 200 SSD drive for my boot drive and put my previous 500 GB Hitachi HD in place of the DVD drive.

I left my old system in place on the old drive and did a clean install of Mountain Lion 10.8.2 on the SSD. I then set up my main user account with the same name and password as before. In the Users & Groups preference pane, I right-clicked on my account name and selected Advanced Options, and set the location of my user account to be my old user account on the secondary drive now named Data HD. Obviously, for all permissions to work correctly you need to keep the new user names and passwords the same as the old ones. That all worked fine, and when I rebooted and logged in to my account, all my Users are on the Data HD. I then used Migration Assistant to pull over all my Apps to the SSD boot drive.

Encryption of Data HD

Control-click on a disk in the Finder to encrypt it (in a Finder window, the Finder sidebar, or on the Desktop). Choose Encrypt "disk name" and enter a password. You’ll have to enter the password a second time, and you won’t be able to go any further unless you also enter a password hint. I tried this method and it didn’t appear to work properly, so I used the Terminal approach.

Prepare a disk by converting

You encrypt disks with the diskutil command, but first, you have to convert them to a format called CoreStorage. Start by running the diskutil list command, which returns a list of all your disks, like this:

Vinces-MacBook-Pro:~ vince$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *120.0 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS Macintosh SSD 119.2 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk1
1: EFI 209.7 MB disk1s1
2: Apple_HFS Data HD 499.8 GB disk1s2
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_HFS CCC Backup 499.1 GB disk2s2
The disk I want to encrypt is Data HD, and to the right of the name you can see its identifier, which is disk1s2. With that information I could convert that disk to the CoreStorage format with the following command:
sudo diskutil corestorage convert disk1s2
Terminal will request your administrator’s password, then will begin the conversion process.
Vinces-MacBook-Pro:~ vince$ sudo diskutil corestorage convert disk1s2
Password:
Started CoreStorage operation on disk1s2 Data HD
Resizing disk to fit Core Storage headers
Creating Core Storage Logical Volume Group
Attempting to unmount disk1s2
Switching disk1s2 to Core Storage
Couldn't unmount disk1s2; converted volume won't appear until it's unmounted
Core Storage LVG UUID: 5896188D-5D8C-4A8D-95BB-3D0DC892CBF4
Core Storage PV UUID: 9A70E1FB-5FEE-445B-8E92-04EC42C32D5E
Core Storage LV UUID: EB1BD441-D493-4C2B-B6E4-A646667D79C0
Finished CoreStorage operation on disk1s2 Data HD

Encrypt the disk

The important information above is the LV UUID, or logical volume universally unique identifier. Using that information, you can then run the command to encrypt the disk, as follows:
Vinces-MacBook-Pro:~ vince$ sudo diskutil corestorage encryptvolume EB1BD441-D493-4C2B-B6E4-A646667D79C0 -passphrase password
Password:
Started CoreStorage operation on disk2 Data HD
Scheduling encryption of Core Storage Logical Volume
Core Storage LV UUID: EB1BD441-D493-4C2B-B6E4-A646667D79C0
Finished CoreStorage operation on disk2 Data HD
Replace password with your password. The next step will ensure that the Data HD gets mounted during the boot process so that your accounts are available. For this you need the excellent program Unlock by Justin Ridgewell. Full instructions for installation are on his page.

His script runs as follows:
Vinces-MacBook-Pro:~ vince$ curl https://raw.github.com/jridgewell/Unlock/master/install.sh | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2853  100  2853    0     0   1277      0  0:00:02  0:00:02 --:--:--  1971
Attempting to re-run as root...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2853  100  2853    0     0   1486      0  0:00:01  0:00:01 --:--:--  1864
Password:
--------------------------

Downloading...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   509  100   509    0     0    314      0  0:00:01  0:00:01 --:--:--   385
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   139  100   139    0     0     80      0  0:00:01  0:00:01 --:--:--    99
100 27900  100 27900    0     0   7686      0  0:00:03  0:00:03 --:--:-- 76438
--------------------------

Installing...
Do you want to unlock Data HD at boot? (y/N)
y
What is the passphrase used to encrypt Data?
*Enter passphrase for Data HD*
Following conversations with Justin, it is probably worth checking that you have an entry for Unlock: Data HD in the System Keychain. Also, the script will be installed at /Library/LaunchDaemons/name.ridgewell.unlock. He also advised setting up another Admin account on the SSD in case one ever needs to decrypt the Data HD if anything goes wrong. The command for that, using the example of my Data HD above, is:
diskutil cs decryptvolume EB1BD441-D493-4C2B-B6E4-A646667D79C0 -passphrase password
Obviously a bit of clean-up is necessary. For instance, all the Application icons in the Dock will be referencing the Applications on the original hard drive, so you need to delete each one and replace them by dragging the Applications to the Dock that were moved to the new SSD. Finally, I used Carbon Copy Cloner to copy the user folder from Data HD to another drive, re-formatted the Data HD to remove all the Applications and System files, and then cloned the User folder back to the Data HD. Then I tested all my Applications to make sure everything was working. So far so good and the performance increase is well worth the effort. Boot time is down to 10 seconds and all Applications open instantly!

[kirkmc adds: I wrote a Macworld article about disk encryption a couple of months ago. This hint uses that process, but goes a bit further.]
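
The encryptvolume and decryptvolume commands in the hint pass the passphrase as a command-line argument, which leaves it in shell history and visible in the process list while diskutil runs. The sketch below is an added example, not part of the original hint or of Unlock: it extracts the LV UUID from the convert output shown in the hint and supplies the passphrase through diskutil's -stdinpassphrase option instead. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original hint. Function names are hypothetical.

# The convert output from the hint's terminal session, used as sample input.
SAMPLE_CONVERT_OUTPUT='Started CoreStorage operation on disk1s2 Data HD
Creating Core Storage Logical Volume Group
Core Storage LVG UUID: 5896188D-5D8C-4A8D-95BB-3D0DC892CBF4
Core Storage PV UUID: 9A70E1FB-5FEE-445B-8E92-04EC42C32D5E
Core Storage LV UUID: EB1BD441-D493-4C2B-B6E4-A646667D79C0
Finished CoreStorage operation on disk1s2 Data HD'

# True only for a well-formed 36-character UUID.
is_uuid() {
    [ "${#1}" -eq 36 ] &&
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Read `diskutil corestorage convert` output on stdin and print the Logical
# Volume UUID. The LVG and PV UUID lines are deliberately not matched, so the
# wrong identifier is never handed to encryptvolume.
lv_uuid_from_convert() {
    uuid=$(sed -n 's/^Core Storage LV UUID: *\([^ ]*\) *$/\1/p' | head -n 1)
    is_uuid "$uuid" || return 1
    printf '%s\n' "$uuid"
}

# Encrypt or decrypt a logical volume with the passphrase sent on stdin.
# usage: cs_crypt encryptvolume|decryptvolume LV_UUID
cs_crypt() {
    case $1 in
        encryptvolume|decryptvolume) ;;
        *) echo "unsupported verb: $1" >&2; return 2 ;;
    esac
    is_uuid "$2" || { echo "not an LV UUID: $2" >&2; return 2; }
    printf 'Passphrase for LV %s: ' "$2" >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    # printf is a shell builtin, so the passphrase never appears in any argv.
    # sudo asks for the admin password on the terminal, not on stdin.
    printf '%s' "$pass" | sudo diskutil corestorage "$1" "$2" -stdinpassphrase
    rc=$?
    unset pass
    return "$rc"
}

# Demonstration on the sample only; nothing here touches a disk.
printf 'LV UUID in the sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_CONVERT_OUTPUT" | lv_uuid_from_convert)"
```

On the machine itself the call would be `cs_crypt encryptvolume EB1BD441-D493-4C2B-B6E4-A646667D79C0`; check `man diskutil` on your release to confirm -stdinpassphrase is listed for these verbs.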
Use an SSD boot drive and keep Users on an encrypted Data drive
Authored by: deemery on Oct 10, '12 07:43:57AM

I'm curious: What gets created in /Users to link to the user home directory on the other disk? Is it a POSIX Symbolic Link, or a MacOS X alias?



[ Reply to This | # ]
Neither
Authored by: boredzo on Oct 10, '12 09:01:50AM

… In the Users & Groups preference pane, I right-clicked on my account name and selected Advanced Options, and set the location of my user account to be my old user account on the secondary drive now named Data HD. …

Home folders don't have to be in /Users on the boot drive. Your Home folder can be anywhere. This person put it on their data drive and then set that folder as their Home folder in their account options.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: Supp0rtLinux on Oct 10, '12 09:05:17AM

So let me see if I understand the intent here… your desire is to have your OS separate from your user data (similar to how Linux and most UNIX's have a separate /home partition) and you wanted the user data encrypted for security, but you didn't want to encrypt the OS drive as you thought it would slow it down? And, I'm assuming that the 120GB SSD wasn't sufficient enough space for your OS *and* user data combined?

The reason I ask is that I have the same MBP and specs you have, but I also have a 512Gb Crucial M4 SSD. My user data is about 300Gb or so with the bulk being music and movies. However, I went from a 500Gb, 7200rpm drive with no encryption to the 512Gb SSD with full disk encryption and it's still hugely faster (sub 7 second boot time and instant resume from sleep). I guess my point is that while this article is great if you have a need to move data around and separate your user data from the OS… if you simply were trying to get rid of a slow HD, you might have been better off to just buy a larger SSD and use full disk encryption. It definitely would've been less work and less risk of doing something wrong, but likely would've yielded the same performance results, albeit at a slightly higher cost.

Also, bear in mind that your encryption options aren't exactly foolproof now. Consider this: you boot from the SSD, but you can't access your user data drive until you give it the decryption key. In other words, it's impossible for you to log in unless the user data drive is already mounted. But this means you stored the access to the drive in your keychain. Problem is, since you're booting from your SSD *without* encryption on it and having it auto mount the user data drive, all your encrypted data is still technically available to anyone that can boot your SSD with the other drive present. You should probably consider adding full disk encryption to the SSD as well if you want any semblance of actual security via the encryption.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: poenn on Oct 10, '12 02:13:39PM

Exactly what I was thinking! :-)



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: biggles on Oct 10, '12 08:29:24PM

Good point - intending to do that. Also firmware password.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: biggles on Oct 11, '12 08:47:25AM

I have now encrypted the boot SSD drive - took only 26 mins for 120 GB - whereas a 500GB regular HD can take 8 hrs or more. Also enabled firmware password and boot time just a couple of seconds longer.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: ckoerner on Oct 10, '12 09:19:44AM

Great article and it complements something I wrote about a year ago. Hopefully this information will be useful for those following biggles' hint.

OS X 10.7 Lion + OWC Data Doubler (SSD + HDD) + Filevault Encryption



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: krusty76 on Oct 10, '12 09:28:17AM
WARNING: This only works if you create the users in the same order as you did the first time. User IDs have nothing to do with your name / password and everything to do with Unix-style user / group IDs which are numbers. I believe the first one created is always User 501, but if that doesn't match and you point your current user to your old directory, you will be in a world of pain.

[ Reply to This | # ]
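
A check for the numeric-UID mismatch described in the comment above, as an added example that is not part of the thread: it compares an account's UID with the numeric owner of the folder it is about to be pointed at and counts entries owned by anyone else. Function names and the path in the last comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are
# hypothetical; only ls, awk, find, id, wc and tr are used.

# Numeric owner of a directory (BSD ls on OS X and GNU ls both print
# the UID in column 3 with -n).
dir_owner_uid() {
    ls -ldn -- "$1" | awk '{ print $3 }'
}

# Succeeds only when DIR exists and is owned by the numeric UID given.
# usage: home_owned_by UID DIR
home_owned_by() {
    [ -d "$2" ] || return 2
    [ "$(dir_owner_uid "$2")" = "$1" ]
}

# Count entries under DIR that belong to some other UID. After the account
# is repointed, these are the files it may be unable to read or modify.
# usage: foreign_entries UID DIR
foreign_entries() {
    find "$2" ! -user "$1" -print 2>/dev/null | wc -l | tr -d ' '
}

# Report for one account name and a candidate home folder.
# usage: check_account_home NAME DIR
check_account_home() {
    uid=$(id -u "$1") || return 2
    if home_owned_by "$uid" "$2"; then
        echo "OK: $2 is owned by $1 (uid $uid)"
    else
        echo "MISMATCH: $1 has uid $uid, $2 is owned by uid $(dir_owner_uid "$2")"
        return 1
    fi
    echo "entries owned by other uids: $(foreign_entries "$uid" "$2")"
}

# Assumed path for illustration:
#   check_account_home vince "/Volumes/Data HD/Users/vince"
```

Run it before changing the home location in Advanced Options; a MISMATCH line means the new account's numeric ID differs from the one that owns the old folder, whatever the account name says.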
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: sv1cec on Oct 10, '12 10:43:26AM

One comment on this, even though it is not directly applicable to the conditions of the author. If instead of having your user files on an internal drive, you have them on an external one, it is always prudent to include an administrator user, whose home directory is in the boot drive. In that way, even if your external drive dies, you can still boot the system and take action.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: biggles on Oct 11, '12 08:58:37AM

I have bootable USB repair sticks for that purpose and an encrypted Time Machine backup of both drives and Carbon Copy Cloner daily backups of both drives (non-encrypted) so I think I can deal with any eventuality.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: NewishMacGuy on Oct 10, '12 01:26:06PM

Or another option is to replace the current HD with a hybrid like the Seagate Momentus XT. I did that with my wife's 2011 4GB RAM MBP13 and she gets 12-13 second boots with the most used applications loading instantly, all others load at 7200rpm, AND she's got 750GB (thus no longer needing an external for media). Cost = $150.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: matthewkrieger on Oct 10, '12 05:35:08PM

How does encrypting the disk this way differ from using Filevault?



[ Reply to This | # ]
Keep ~/ on the SSD
Authored by: chucky23 on Oct 11, '12 07:54:28AM

As always, putting your User folder on a platter drive instead of an SSD is almost always a bad idea.

Lots of little reads and writes are constantly being made to your ~/Library/ folder, and having that on the SSD will provide a VERY noticeable reduction in lagginess during your use of your machine.

A far better idea is to put your User folder on the SSD, and move your audio and video files to the platter drive, out of your User folder. (If space is tight, and if you've got a large-sized photo library, then move your photos too.)

The very minor speed hit of encryption on the boot drive SSD is far, far less than the major speed hit of keeping your ~/Library/ folder on the platter drive. Again, this is something quite noticeable during usage.



[ Reply to This | # ]
Keep ~/ on the SSD
Authored by: germ on Oct 11, '12 11:12:23PM
I have been running on a similar setup (without encryption) since 2010 with no issues.

Assuming you have the space on the SSD for the ~/Library folder (I don't), do you have a reliable way to put the Library folder on the SSD?

That's because I have a ton of user documents that are NOT pictures or music (easily movable to other volumes), therefore the option to keep the user folder except those files would not work for me.

[ Reply to This | # ]
Keep ~/ on the SSD
Authored by: chucky23 on Oct 12, '12 06:35:51AM

"Assuming you have the space on the SSD for the ~/Library folder (I don't), do you have a reliable way to put the Library folder on the SSD? That's because I have a ton of user documents that are NOT pictures or music (easily movable to other volumes), therefore the option to keep the user folder except those files would not work for me."

If you simply can't prune your User folder of enough stuff to make it fit on your SSD, then I would NOT recommend trying any tricks to just put ~/Library/ by itself onto the SSD. (If you do the appropriate backups, I suppose you could try to symlink that one folder to the SSD, but I haven't read any reports of folks successfully doing that, and suspect things may well break. So you could try it, but just be fully prepared for it not to work and to be able to recover your data.)

My suggestion is just for folks who CAN trim their User folder down to a size that will fit on the SSD. Doing so really will produce a very noticeable reduction in lagginess during use in many, many situations. Pretty much everything you do on the machine needs to read/write to your Caches, Application Support, and Preferences inside ~/Library/, and waiting for the platter drive for each little read/write is what causes the constant bottlenecks. Web browsing is one place of many you will see this.

For your situation, I'd recommend trying one of the many "show me what's taking up space" apps like OmniDiskSweeper to see if there is stuff in your User folder you can move out to get things to fit onto the SSD. If that doesn't do the trick, I'd recommend either buying a bigger SSD or just living with the noticeable lagginess of having ~/Library/ on the platter drive. (Disabling hibernation mode and deleting the sleepimage file will free up many GB's on the SSD, but then you have the downside of having a hard shutdown if you normally find yourself in situations where you run out of battery power.)

But the bottom line for folks is that keeping ~/Library/ on the SSD is one of the biggest bottlenecks that having an SSD can eliminate for you, and one of the biggest places it can provide a noticeable speedup during normal usage. So if you can find a way to prune and keep your User folder on the SSD, it's a very good thing to do.



[ Reply to This | # ]
Keep ~/ on the SSD
Authored by: chucky23 on Oct 16, '12 07:53:07AM

Well, it looks like the thread found a solution for you, germ.

Stanz Inator's recent post at the bottom of the thread should show you a reliable way for how you can keep ONLY your ~/Library folder on the SSD, while keeping the rest of your User data on the platter drive.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: Stanz Inator on Oct 15, '12 10:02:35AM

I have the same dual drive system set up on my late 2011 MBP (2.5 i7, 16GB ram, 750GB @ 7200 and 240GB SSD) except no encryption. I had the advantage of buying the computer new and immediately installing the SSD in the optical bay, which admittedly made things easier but I found that getting the exact results I wanted took some digging.

I put the system, library, applications and users on the SSD and created a root folder on the other that houses everything else. Using the ln -s command in the terminal I created a symlink for each of the folders that I wanted to exist on the HDD (i.e. Pictures) that would normally be housed in the same spot as the user folder. The links on the sidebar point to the correct location and all the auto save locations route correctly as well.



[ Reply to This | # ]
Use an SSD boot drive and keep Users on an encrypted data drive
Authored by: FlavioB on Dec 27, '12 08:59:51AM

Hello there.

I wanted to encrypt my second HDD (which is mounted as /Users) and did the following:

created an admin user with full rights (administrator)
put the admin homedir onto the SSD (system disk)
logged out from my user
logged in with admin user
executed in a terminal "diskutil list", and identified "disk2s2" to be my data hdd:

MacBook:~ admin$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *256.1 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_CoreStorage 255.2 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFS SSD *254.9 GB disk1
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_HFS Macintosh HD 499.2 GB disk2s2
3: Apple_Boot Recovery HD 650.0 MB disk2s3

Then I started the process with:

MacBook:~ admin$ diskutil coreStorage convert disk2s2 -passphrase MYPASPHRASE
Started CoreStorage operation on disk2s2 Macintosh HD
Resizing disk to fit Core Storage headers
Creating Core Storage Logical Volume Group
Attempting to unmount disk2s2
Switching disk2s2 to Core Storage
Couldn't unmount disk2s2; converted volume won't appear until it's unmounted
Core Storage LVG UUID: 2891D42A-3C61-49E7-85AD-CD49563A98FE
Core Storage PV UUID: 2B2C9016-E92A-49C1-8B53-74610EA660FB
Core Storage LV UUID: ABCF84E7-1753-4203-A70E-258D70C2D826
Finished CoreStorage operation on disk2s2 Macintosh HD
Encryption in progress; use `diskutil coreStorage list` for status

Now more than 5 hours have passed and the "diskutil coreStorage list" is still telling me that the status of disk2s2 is "checking":


+-- Logical Volume Group 2891D42A-3C61-49E7-85AD-CD49563A98FE
=========================================================
Name: Macintosh HD
Size: 499248103424 B (499.2 GB)
Free Space: -none-
|
+-< Physical Volume 2B2C9016-E92A-49C1-8B53-74610EA660FB
----------------------------------------------------
Index: 0
Disk: disk2s2
Status: Checking
Size: 499248103424 B (499.2 GB)

Is this correct? What should I do now? Or what did I do wrong?

Thanks for your help!

F.



[ Reply to This | # ]