Recently I became so sick of the slowness of my MacBook Pro (late 2011 model), which has a 2.4 GHz Intel Core i5 with 16 GB RAM running Mountain Lion 10.8.2, that I decided to buy a 120 GB Kingston SVP 200 SSD drive for my boot drive and put my previous 500 GB Hitachi HD in place of the DVD drive.
I left my old system in place on the old drive and did a clean install of Mountain Lion 10.8.2 on the SSD. I then set up my main user account with the same name and password as before. In the Users & Groups preference pane, I right-clicked on my account name and selected Advanced Options, and set the location of my user account to be my old user account on the secondary drive now named Data HD. Obviously, for all permissions to work correctly you need to keep the new user names and passwords the same as the old ones. That all worked fine, and when I rebooted and logged in to my account, all my Users are on the Data HD. I then used Migration Assistant to pull over all my Apps to the SSD boot drive.
Encryption of Data HD
Control-click on a disk in the Finder to encrypt to encrypt it (in a Finder window, the Finder sidebar, or on the Desktop). Choose Encrypt "disk name" and enter a password. You’ll have to enter the password a second time, and you won’t be able to go any further unless you also enter a password hint. I tried this method and it didn’t appear to work properly so I used the Terminal approach.
Prepare a disk by converting
You encrypt disks with the
diskutil command, but first, you have to convert them to a format called CoreStorage. Start by running the
diskutil list command, which returns a list of all your disks, like this:
Vinces-MacBook-Pro:~ vince$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *120.0 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS Macintosh SSD 119.2 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk1
1: EFI 209.7 MB disk1s1
2: Apple_HFS Data HD 499.8 GB disk1s2
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_HFS CCC Backup 499.1 GB disk2s2
The disk I want to encrypt is Data HD and to the right of the name you can see the identifier which is
disk1s2. With that information I could convert that disk the CoreStorage format with the following command:
sudo diskutil corestorage convert disk4s1
Terminal will request your administrator’s password, then will begin the conversion process.
Vinces-MacBook-Pro:~ vince$ sudo diskutil corestorage convert disk1s2
Password:
Started CoreStorage operation on disk1s2 Data HD
Resizing disk to fit Core Storage headers
Creating Core Storage Logical Volume Group
Attempting to unmount disk1s2
Switching disk1s2 to Core Storage
Couldn't unmount disk1s2; converted volume won't appear until it's unmounted
Core Storage LVG UUID: 5896188D-5D8C-4A8D-95BB-3D0DC892CBF4
Core Storage PV UUID: 9A70E1FB-5FEE-445B-8E92-04EC42C32D5E
Core Storage LV UUID: EB1BD441-D493-4C2B-B6E4-A646667D79C0
Finished CoreStorage operation on disk1s2 Data HD
Encrypt the disk
The important information above is the LV UUID, or logical volume universally unique identifier. Using that information, you can then run the command to encrypt the disk, as follows:
Vinces-MacBook-Pro:~ vince$ sudo diskutil corestorage encryptvolume EB1BD441-D493-4C2B-B6E4-A646667D79C0 -passphrase password
Password:
Started CoreStorage operation on disk2 Data HD
Scheduling encryption of Core Storage Logical Volume
Core Storage LV UUID: EB1BD441-D493-4C2B-B6E4-A646667D79C0
Finished CoreStorage operation on disk2 Data HD
Replace
password with your password. The next step will ensure that the Data HD gets mounted during the boot process so that your accounts are available. For this you need the excellent program
Unlock by Justin Ridgewell. Full instructions for installation are on his page.
His script runs as follows:
Vinces-MacBook-Pro:~ vince$ curl https://raw.github.com/jridgewell/Unlock/master/install.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2853 100 2853 0 0 1277 0 0:00:02 0:00:02 --:--:-- 1971
Attempting to re-run as root...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2853 100 2853 0 0 1486 0 0:00:01 0:00:01 --:--:-- 1864
Password:
--------------------------
Downloading...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 509 100 509 0 0 314 0 0:00:01 0:00:01 --:--:-- 385
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 139 100 139 0 0 80 0 0:00:01 0:00:01 --:--:-- 99
100 27900 100 27900 0 0 7686 0 0:00:03 0:00:03 --:--:-- 76438
--------------------------
Installing...
Do you want to unlock Data HD at boot? (y/N)
y
What is the passphrase used to encrypt Data?
*Enter passphrase for Data HD*
Following conversations with Justin, it is probably worth checking that you have an entry for Unlock: Data HD in the System Keychain. Also the script will be installed at /Library/LaunchDaemons/name.ridgewell.unlock. He also advised setting up another Admin account on the SSD in case one ever needed to do an decrypt the Data HD in case anything goes wrong. The command for that, using the example of my Data HD above, is:
diskutil cs decryptvolume EB1BD441-D493-4C2B-B6E4-A646667D79C0 -passphrase password
Obviously a bit of clean-up is necessary. For instance, all the Application icons in the Dock will be referencing the Applications on the original hard drive, so you need to delete each one and replace them by dragging the Applications to the Dock that were moved to the new SSD. Finally, I used Carbon Copy Cloner to copy the user folder from Data HD to another drive, re-formatted the Data HD to remove all the Applications and System files, and then cloned the User folder back to the Data HD. Then I tested all my Applications to make sure everything was working. So far so good and the performance increase is well worth the effort. Boot time is down to 10 seconds and all Applications open instantly!
[
kirkmc adds: I wrote a
Macworld article about disk encryption a couple of months ago. This hint uses that process, but goes a bit further.]