26 Response to “FileVault: Encrypt hard drive on Mac”

    1. No idea! For me under Catalina, the encryption is displayed in the context menu. Perhaps this was not yet available under 10.7.5?

          1. In the article I linked, the headline says “Mountain Lion”, but with the terminal and discussions, it also works with Lion. 1,5 TB of an external hard drive takes about 800 hours extrapolated via FireWire (up to 30 Mbit / sec). (Not finished yet.) No recovery key appears to be being created.

          2. Another question: Can you actually turn off the computer if a disk (not the one with the OS) has not yet been encrypted and let it continue later?

          3. I think so, since the process is running in the background. But I would strongly advise the "Turn off" menu item and not just pull the plug. :D But that goes without saying... ;-)

          4. You can turn off the computer, even if the encryption of an (external) hard drive is not yet finished. (I don't know whether the system hard drive will also work.) The computer shuts down as normal, and the next time it is turned on, the encryption simply continues by itself.

          5. I switched off the computer while encrypting a backup hard drive that was not so important with discussil via “Apple menu -> Switch off ...”. No special occurrences. The next time I logged in, the process just continued, which I was using discussil cs list could check and observe.

          6. I encrypted the internal hard drive with the operating system via FileVault. It is simply mounted when I log in to my admin user account. Other hard disks encrypted with konstantil now require the password after login. (My concern is that by installing such a hard drive in another computer without a password, you don't have access, which is fine.) But I want these hard drives to be mounted automatically when I log on. That should be possible with a script that starts by itself as a login object. I have a start script (as Apple script) running anyway. But how do I address the respective hard drives? How about applescript? Or how about the terminal?

            tell application “terminal”
            do script with command “[…]”
            end tell

          7. Hello Subhash! I think you know more about that than I do. Unfortunately, I can't give any tips on that. : D

          8. Hello Subhash! Do you have the script?Unlock" watched? Maybe that will get you further... Quote: “Unlock allows the system to unlock and mount Core Storage encrypted volumes during boot. In other words, this allows you to log in as a user whose home directory is on an encrypted secondary disk without any problems.”

          9. Hello sir, no, I don't know the “Unlock” script. But I did it with AppleScript like this:

            tell application “terminal”
            do script with command “diskutil cs unlockVolume [UUID] -passphrase MyUncrackablePassword”
            end tell

            Whereby [UUID] is to be replaced with the CoreStorage UUID of the “Logical Volume”, which can be found in the terminal with “Argumentil CS List”.
            Alternatively, you can write a shell script with the above terminal command.

            In any case, I now have this in my start script, and although the dialogues appear briefly, one should enter the respective password for the three encrypted hard disks, the terminal commands via AppleScript are accepted, the dialogues disappear and the disks are mounted. Well, that's pretty handy. The only thing that bothers me a little is that the passwords are open in the script.

          10. Hi Subhash! Thanks for adding to the script! That is practical. And actually the password in the script is not a problem, because you can only see the script if you are already logged in with your PW.

          11. I have now saved all the passwords in the keychain administration again because I wanted to call them up via the keychain without a password in the script. They are then automatically saved in the "Registration" keyring. The call via the terminal was then as follows: "discussil cs unlockVolume [UUID] -recoverykeychain /Users/MeinBenutzer/Library/Keychains/login.keychain"

            Lo and behold, the terminal command in AppleScript is not necessary, the hard drives are mounted automatically! Apparently I got something wrong or misunderstood on the first try. It's even easier now. No start script is necessary for this.

            In general, the whole inconvenience is only given with "Lion" (MacOS 10.7). With later operating systems it is supposedly already possible via the context menu of the hard drive in the Finder as you write above.

    2. The disk must also be formatted as “Mac OS Extended (Journaled)” or APFS. A copy of the start disk can currently NOT be encrypted, idiotically. I still haven't figured out why, just THAT.
      So I have a real problem ... all encryption is useless if the backups are without! * head shake *

      Good luck, Ollie

      1. Unfortunately, you are not shown WHAT is wrong or what you have to change if you are looking to encrypt another HD. The entry in the context menu is simply not available. And Catalina is no longer available via Security-> FileVault, stupidly you can only encrypt the internal disk via this. Here Apple has really approached M $ mechanisms again to make everything unnecessarily more complicated :-(

      2. Hello Ollie! This is because the backup program can only copy the files. If you want to encrypt the backup, you have to encrypt the hard drive on which the backup is to be loaded. It works fine for me under Catalina.

  1. Hi Jens,

    I wanted to install an SSD in my old MacBook Pro. System: High Sierra. Can I simply install the old HD with the data in a housing and use it as an external disk?

    I can't remember whether the HD is encrypted or whether the Time Machine's backups are. Where do i see this?

    In any case, I read in a tutorial that the encryption for the former system volume should be canceled. Actually, this should only be necessary if you don't know the password. Or am I missing a crucial piece of information?


    1. Hello Marie! Yes, you can simply build the hard drive into an external enclosure. I'm not 100% sure if you can then use the password to break the encryption, or if the Mac might have something wrong with it. About Time Machine: You should actually see that on the Mac under System Preferences > Time Machine. If the disk is still selected there. Otherwise, I no longer see it on my records. There used to be a “Sparsebundle” file that was on the Time Machine volume, but that's not the case for me anymore... There's only one Spotlight-V100 folder and it's on every hard drive. You can see it when you press CMD + SHIFT + . (period) make the invisible files visible.

  2. Hi

    Thanks for the interesting article. After creating TimeMachine backups on an external hard drive for the last few years, I would now like to switch back to a classic backup. So regularly mirror the files from my iMac (SSD) locally on two external SSDs (double backup). So no longer save the whole system as a backup. To do this, I want to use two external SSDs and the program Sync Folders Pro. I don't want to go over a network as I use the data locally only.

    And now to my question. Can I encrypt my internal and two external SSDs with FileVault and still regularly back up the internal data to the external SSDs? My technical knowledge is limited. I would be very grateful for a direct answer.

    1. Jen Kleinholz

      Hello Piet! Yes, that should work. You can see the hard drives virtually unencrypted when you are logged in, since the FileVault password is requested very early on when you boot. You can therefore safely work with the tool and copy data.
      However, what is currently no longer so easy is backing up the system disk. macOS has had a split between Macintosh HD data and Macintosh HD for a few versions. And you can backup only the personal data. macOS no longer allows copying a system partition WITH the ability to boot from it. However, this is a security feature that makes sense.

      1. Many thanks for the quick response. A TimeMachine backup or a system backup is no longer an option for me either. My old iMac (HDD) could only be updated to OS Catalina. After it disappeared from one second to the next, I had to restore the entire old Catalina system on the new iMac (macOS Monterey) to get my data, a disaster. TimeMachine sure is a great thing when I'm using it on the same machine. All in all, a separate external backup of my data and reinstalling the system if it becomes necessary is the better alternative. With Monterey and the new SSDs, I can restore the basic installation directly to my Mac in a very short time anyway, if I read it correctly. So, thanks again for the reply. Then just try it out in practice. Best regards, Peter Schwartz

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.