Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Encrypt almost any disk in Mountain Lion ' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Encrypt almost any disk in Mountain Lion
Authored by: aalegado on Jun 12, '13 03:17:16PM

I recently began encrypting the boot drive and external drives on my system and have some observations to offer regarding the encryption of the non-boot volumes:

  1. Besides disk activity LEDs (if any), you can also use the
    diskutil cs list
    command to list all the Core Storage volumes and encryption progress. In the Logical Volume section there will "Size (Total)" and "Size (Converted)" fields. The "Size (Converted)" field will show a byte-count during the encryption process. The output of the command is static so to see progress you must re-issue the command to see that the byte-count is actually incrementing.
  2. Once I started the encryption process for a given volume, if I then issued the
    diskutil cs list
    command I would not see a complete record tree for that volume. By complete record tree I mean a record with Logical Volume Group entry, a Physical Volume entry, a Logical Volume Family entry, and a Logical Volume entry. What I did see was an entry with a status of "Offline" and no way to see any progress. After restarting the system, if I then issued the
    diskutil cs list
    command I would see appropriate activity (the "Size (Converted)" field showing an increasing byte-count)
  3. It is safe to restart the system even while volume(s) are being encrypted. After the system restarts, the encryption process for each volume being encrypted will pick-up where it left off.
  4. After the system restarts and once you've logged-in, the Finder will query you for the password for the volume you started to encrypt in the previous session. You'll want to have the password handy either on a piece of paper or, in my case, via a secure note stored in 1Password. You'll want to store the password in the Keychain if you want to avoid having to enter the password for all your encrypted volumes at mount-time.

Item #3 is worth singling-out: In researching FileVault and whole volume encryption I found references to one user's experience where an encryption process was somehow corrupted across a system restart. The experience did not account for why/how the corruption took place but until I verified the actual behavior myself, it was implied that restarting the system after initiating the encryption process was not advisable. In my case the encryption processes have survived multiple system restarts since I restarted the system after initiating the encryption process for each of (so far) two volumes.

Encryption is slow—I'm seeing about 60-65GB/hr. on late 2012 Mac mini Server (2.3GHz Core i7)—but you do have unfettered access to the volume(s) while they are being encrypted.

Edited on Jun 12, '13 03:25:40PM by aalegado


[ Reply to This | # ]