I have an external disk with partitions A and B. B is an encrypted HFS volume with a password (presented as "Apple_CoreStorage" or "Logical Volume OS X Extended").
When I connect the drive, OS X asks for the password to the partition. If I unmount the partition, and mount it again, OS X does not ask for the password.
I have to physically disconnect the drive and connect it again to make OS X ask for the password.
Is there any way to require the password to be entered every single time the partition is mounted? (This is the way encrypted sparse images work, for example.)
Best Answer
This is a flaw in the CoreStorage encryption system. When you first connect the physical disk, the volume is in state Locked. Once you enter the password, the volume becomes Unlocked. (You can actually see the state of your volume from diskutil list.)

The problem is that CoreStorage does not lock a volume until it is physically removed from the system.

My theory is that the keys used to unlock the volume are being stored within memory until the drive is ejected - although the volume may be unmounted and locked, the keys to unlock it remain within memory. Attempting to remount and unlock the partition just calls for the keys from memory instead of asking for the password.
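One way to check for the condition described in this answer, as an added example that is not part of the original answer: the script lists CoreStorage logical volumes that are unmounted yet still reported as Unlocked. It assumes the `Encryption Status:` and `Disk:` fields printed by the CoreStorage listing `diskutil cs list` and the `/dev/diskN on ...` lines of `mount`; the sample text and UUIDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: find CoreStorage volumes that are unmounted but not locked.

# Constructed sample in the layout of `diskutil cs list` (abbreviated;
# the UUIDs are placeholders, not values from a real disk).
sample_cs_list() {
cat <<'EOF'
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 11111111-AAAA-AAAA-AAAA-111111111111
    =========================================================
    Name:         B
    Status:       Online
    |
    +-> Logical Volume Family 22222222-BBBB-BBBB-BBBB-222222222222
        ----------------------------------------------------------
        Encryption Status:       Unlocked
        Encryption Type:         AES-XTS
        |
        +-> Logical Volume 33333333-CCCC-CCCC-CCCC-333333333333
            ---------------------------------------------------
            Disk:                  disk3
            Status:                Online
            Volume Name:           B
EOF
}

# cs_unlocked_unmounted CS_FILE MOUNT_FILE
#   CS_FILE    saved output of `diskutil cs list`
#   MOUNT_FILE saved output of `mount`
# Prints the disk identifier of every logical volume whose family is
# Unlocked while its device is absent from the mount table.
cs_unlocked_unmounted() {
    awk '
        # First file: remember every mounted /dev node.
        FILENAME == ARGV[1] { if ($1 ~ /^\/dev\//) mounted[$1] = 1; next }
        # Second file: track the state of the current volume family.
        /Logical Volume Family/ { state = "" }
        /Encryption Status:/    { state = $NF }
        $1 == "Disk:" {
            dev = "/dev/" $2
            if (state == "Unlocked" && !(dev in mounted)) print $2
        }
    ' "$2" "$1"
}

# On a Mac (save both outputs first, then compare):
#   diskutil cs list > cs.txt; mount > mounts.txt
#   cs_unlocked_unmounted cs.txt mounts.txt
```

Any identifier it prints belongs to a volume that can be remounted without a password prompt until the drive is physically disconnected.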