Jump to content
macpro

Should I store unencrypted Media Sets on a FileVault encrypted disk?

Recommended Posts

All my disk media sets are stored on external disks. They are not encrypted at the moment, but I would like to enable that.

If I want to use encryption from Retrospect, I have to recreate the disk media sets. Thus losing a lot of backup history.

 

But I could also use FileVault to encrypt the external disks. Then I do not need to recreate the disk media sets.

The only drawback I can think of at this moment is that I'll have to enter the encryption password everytime I mount the backup disks.

 

Has anyone tried this approach already? 

Any thoughts on why this could be good or bad?

Share this post


Link to post
Share on other sites

I believe you cannot use FileVault to encrypt an external disk unless you have macOS on that disk. To enable FileVault you have to boot from the disk, and use the System Preferences' Security and Privacy pane to enable it. In addition, FileVault requires the presence of a Recovery partition on the disk (it uses that for the initial login). The Recovery partition is typically installed when you install the macOS.

 

If I'm wrong and there is a way to enable FileVault on an external disk without booting from it, I'd love to learn about it. But I think Filevault doesn't work to encrypt other volumes.

 

My Mac's hard drive is encrypted using FileVault and I backup to an external media set on an external hard drive. I wiped my backup and recreated it using Retrospect's built-in encryption (but lost the backup history as you said). I also use SuperDuper to clone my hard drive. I had to install the macOS (to install a Recovery partition) and then boot from the clone to enable FileVault on that external disk. Subsequent clone operations don't require repeating any of that.

 

Another possible option that would preserve your backup history would be to create a large encrypted disk image using Disk Utility, saving the image on your external disk, and moving the media set onto the encrypted disk image. I haven't tried that myself but I do backup certain specific folders to encrypted sparse image disk images (as file backups) sets) and it works well.

 

You should be able to store encrypted volume passwords in the keychain for ease of use. I never have to enter my passwords for Retrospect or my encrypted external disks because the passwords are stored in the keychain. Of course the Mac where your keychain resides should probably be encrypted, although the keychain--I think--is automatically encrypted.

 

Good luck!

Share this post


Link to post
Share on other sites

Because I got no response yet, I decided to try one set of hard drives last weekend. 

 

You can use FileVault on external drives. Just select the drive on the Desktop and use "Encrypt <volume>" (Not sure about the name, I'm using a Dutch version of macOS.)

The Mac will ask to provide a FileVault password to decrypt the data and then asks to reboot so the encryption process can start.

The only drawback I anticipated was that I would have to enter the password everytime I mount the disk.

But I don't have to, because it's possible to store that password in the keychain. Just as you mentioned above.

 

The nett result after a week of testing? Works without any troubles.

 

I haven't had any issues with Retrospect so far.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×