Re: [Fed-Talk] Lion FileVault
Re: [Fed-Talk] Lion FileVault
- Subject: Re: [Fed-Talk] Lion FileVault
- From: "Link, Peter R." <email@hidden>
- Date: Fri, 22 Jul 2011 06:48:54 -0700
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Lion FileVault
This was one of the tests I did before Lion was released and I had problems. Encrypting the external drive was no problem and when it's attached to any Mac running Lion, it asks for the password when connecting. My problem arose when I tried to reformat the external drive. Disk Utility wouldn't let me do it because it was part of a CoreStorage volume (new feature of Lion). I had to use diskutil and after some guessing, I messed up the entire volume, which is attached to the original FV2 volume. I submitted a bug about Disk Utilities lack of ability to handle FV2 external disks but haven't heard back. Maybe they don't want people using the GUI to do this or maybe I just didn't see the appropriate commands to do it.
I will be going back and trying it again since I could swear I encrypted my boot volume and then it wasn't, at least not after deleting the CoreStorage volume. I'll be more careful this time and document status as I go.
I haven't tried encrypting just a partition but I might try that to see what happens.
As far as Ars' statement about being able to reformat a volume with encryption using the Disk Utility application, I tried and it wouldn't let me so be very careful when testing FV2, especially with external disks.
just saw Rich's email, which I'll keep when testing again.
On Jul 22, 2011, at 6:17 AM, Reese, Brian J Mr CTR DoD DMA wrote:
>> From this review:
>
> http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/13
>
> " Lion doesn't make encrypting disks other than the boot disk particularly
> easy. The Disk Utility application can remove encryption from a volume,
> change a volume's encryption password, or reformat a volume with encryption
> enabled (deleting all the data currently on the volume in the process), but
> there is no option to transparently encrypt a volume without erasing it.
>
> Command-line tools to the rescue: diskutil will happily attempt to encrypt
> any volume you point it at, without erasing it first. Actually, the process
> is to convert it to a Core Storage volume which may optionally include
> encryption."
>
>
> On 7/22/11 9:10 AM, "David Emery" <email@hidden> wrote:
>
>> From: "Rowe, Walter" <email@hidden>
>>> http://www.apple.com/macosx/whats-new/features.html#filevault2
>>>
>>> External drive support
>>> FileVault 2 supports encryption of external USB and FireWire drives.
>>
>> Ok, anyone know -how-? I can see how FileVault would work if the external
>> drive is the boot drive. But so far I have not seen any way to enable File
>> Vault on an external drive using either the Security System Preference or Disk
>> Utility.
>>
>> And that raises a related issue: If you have a FV encrypted (boot) partition
>> (I guess it's right that it's the partition and not the physical device that's
>> encrypted), and you boot from another bootable partition (device), can you
>> decrypt the encrypted partition using the key you got when you created the FV
>> partition? This must be the case, otherwise how would you use the stored key
>> for recovery. I guess I'l have to try that sometime if no one else has
>> checked that out.
>>
>> dave
>> -----
>> David Emery, 703 298 3473 (c) 703 272 7496 (fax)
>> Supporting PdM Software Integration
>>
>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden