FileVault on secondary drives

in

With OSX Lion, Apple introduced their Whole Disk Encryption technology known as FileVault 2. Not to be confused with the old FileVault, which basically just wrapped up a home directory into a single encrypted disk image, this FileVault is a transparent encryption layer at the filesystem level.

More details on its use can be found in John Siracusa’s great Lion review, but my favorite feature is a rolling encryption setup, where an active and running volume can be reconfigured as an encrypted volume while the system still runs (as long as the volume you’re encrypting isn’t the boot volume).

To do so, use diskutil list on the terminal to view your active volumes. You’ll see something like:

/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *80.0 GB    disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Lion                    79.7 GB    disk0s2

All it takes to turn that pesky unencrypted volume into an encrypted one is:

diskutil cs convert disk0s2 -passphrase somethinglongandcomplicated

Lion will then convert the volume in the background. Hoorah! Now, you may wonder, when is this background encryption done? Luckily diskutil cs list will show you a nice healthy volume of information about all the volumes on your system. Instead of trolling through all the data, just run this guy:

diskutil cs list | egrep -B1 '(Converted).*B' | awk '{ print $3;}' | perl -e 'my $total = <STDIN>; die "Conversion done!\n" unless $total; chomp($total); my $done = <STDIN>; chomp($done); printf("%0.2f percent\n", 100 * $done/$total);'

and you’ll see something like:

26.93 percent

You can leave drop that command into something like GeekTool and have that on your desktop so you can do a happy dance when the disk encryption process is completed.

PS: For those of you who have installed watch using homebrew, here’s the watchified version of that command:

watch -n 20 "diskutil cs list | gwatch -n 20 "diskutil cs list | egrep -B1 '(Converted.*B)' | awk '{ print \$3;}' | perl -e 'my \$total = <STDIN>; die \"Conversion done\!\\n\" unless \$total; chomp(\$total); my \$done = <STDIN>; chomp(\$done); printf(\"%0.2f percent\", 100 * \$done/\$total);'"