mmueck 08-27-2011 10:29 PM

Is an SD clone of a Lion FileVault protected computer also encrypted?
I've just spent all day preparing my world for Lion. I decrypted all my Snow Leopard FileVault accounts (took eons) and now I'm about to re-encrypt everything using FileVault-2 in Lion. I just assumed the new FV was like the old only faster, but it's actually an encryption of the whole disk! Before I get too far into this I was wondering if SD will also create a FV-2 encrypted clone, because if it doesn't then I have a major security issue if someone were to steal my backup drive.

mmueck 08-27-2011 10:41 PM

The more I think about it the fuzzier things get. The FV-2 encrypted drive relies on the existence of a 'recovery' partition to make the decryption all work, yet SD won't back that partition up when making a clone. So that must mean that you can't boot from the clone on another machine...

dnanian 08-27-2011 11:31 PM

If you want an encrypted backup, you need to encrypt the drive first, then Smart Update to it. Once you've done so, use the Startup Disk preference pane to start up from it. Does that work as expected?

mmueck 08-28-2011 12:41 AM

Hmm, are you saying that I should first format the target disk as e.g. Mac OS X Extended (Journaled, Encrypted) and then smart update to that? Can you then boot from that drive? I guess the implication here is that the original SD cloning process would indeed have then yielded an unencrypted backup :-(.

In the original FV you needed to go outside the encrypted world and do the backup from within a regular unencrypted user account. Now in FV-2 there's no such thing as stepping outside the unencrypted world because the whole disk is encrypted. No wait, I guess you could step outside that world and do the backup using an unencrypted Mac and attach both the source (in my case a FV-2 encrypted Mac in target disk mode) and a regular formatted backup drive and just use the unencrypted Mac as a middle man while SD does the backup. You could also create a backup partition on the source machine that wasn't encrypted and do a similar thing I guess.

Either way, I'm too tired to think straight now and I'm not going to encrypt my Mac until I see a clear path to solve this. I just wish FV-2 worked on a per-user basis like FV-1 did. It certainly seems like trying to stay safe by using FV in Lion and being able to make a 'safe' backup is a challenge here!

dnanian 08-28-2011 08:30 AM

Yes, and yes - the new FileVault operates at a level well under the 'file system', and thus the files aren't 'encrypted' when we read them. The original FileVault wrote files to a container that was encrypted - very different.

I think you can still use 'legacy' FileVault...

mmueck 08-28-2011 09:49 AM

Just working away on the computer as the very wet and windy remnants of Hurricane Irene pass over :-). I guess I can always revert to FV-1, but I have a suspicion it is ONLY possible when upgrading to Lion which means I have to go back to my SL backup.

Now here's a thought for you (if you don't mind a challenge). I just booted into the recovery partition and you can do some limited stuff there, including even bringing up Safari. The partition is 650MB in size and SD is only 5.6MB in size. Would it be possible to copy and run SD from there? Because that partition is not encrypted you should be able to clone your main partition as-is and also, presumably, the recovery partition and end up with a real clone. There are several issues though - there is no Finder in the recovery partition so you can't double click on an application. You can bring up a Terminal window but I couldn't figure out how to open an application from there. I reckon I'm at the limits of my Unix prowess at this point...

dnanian 08-28-2011 09:53 AM

I think you may be having browser issues. I never get logged out.

I had no plans to put us on the recovery partition. Instead, install Lion in full to a thumb drive, and run it from there. No limitations, far more useful, etc.

mmueck 08-28-2011 10:07 AM

Now that's a good idea! I'll assume that's going to work and shall go ahead and encrypt my Mac now.

mmueck 08-28-2011 10:22 AM

If I do clone my Mac's encrypted hard drive to another drive using your suggestion about running SD from a Lion pen drive, then presumably if I want to later extract a couple of files from the backup drive, how would that work? In the old FV I would double click on the sparse bundle and enter the appropriate password to access it. Now the whole backup drive will be encrypted. Do you know for sure if I'll be able to access it freely - I guess I'm assuming the Finder in Lion will prompt me for a password or decryption key, right?

dnanian 08-28-2011 10:58 AM

You should be able to access the encrypted drive like any other drive, since once mounted it'll look unencrypted.

