Is it possible to boot from an encrypted external hard drive?

backup boot encryption filevault superduper

If I have an external hard drive with a bootable cloned backup (via SuperDuper) – if I encrypt it with the Finder will I still be able to boot from it if necessary?

Are there any solutions to enable my backup to be both encrypted and also bootable? I currently use FileVault 2 to encrypt my main SSD, and if I try booting from that (i.e. just booting up my computer) it asks for my password. If I try to boot from a bootable external disk (which happens to be encrypted) will it just ask for the disk password on boot [that is, after I select that as the boot disk], similarly to how I would be asked to enter a password to unlock the SSD encrypted with FileVault 2?

Best Answer

It should work, but if you use SuperDuper! a workaround is necessary:

I backed up my main system volume (hereinafter referred to as "System") to the unencrypted! backup volume (hereinafter referred to as "SystemBackup"). After rebooting to SystemBackup I tried to encrypt the volume SystemBackup, which wasn't successful, because the Recovery HD on the backup disk is missing. SuperDuper! only creates a copy of the system volume.

  1. To get around this you first have to install a working system on the backup disk or use another way to create a Recovery HD volume on the backup disk and then erase the main backup volume again.
  2. Back up your main system volume to the backup volume.
  3. Boot to your (bootable) backup volume SystemBackup.
  4. Enable FileVault 2 in the system preferences.
  5. Reboot to SystemBackup as advised and continue encrypting.
  6. After encryption has finished, boot to your main volume again.
  7. Now back up your main volume as usual using SuperDuper!

In my second/third attempt I used Carbon Copy Cloner. In contrast to SuperDuper!, CCC creates a backup which usually includes the Recovery HD:

  1. Back up your main system volume to the unencrypted! backup volume. You might have to initiate the backup of the Recovery HD manually. In my first attempt it was backed up automatically and in a second attempt I had to initiate it manually.
  2. Boot to your (bootable) backup volume SystemBackup.
  3. Enable FileVault 2 in the system preferences.
  4. Reboot to SystemBackup as advised and continue encrypting.
  5. After encryption has finished, boot to your main volume again.
  6. Now back up your main volume as usual using Carbon Copy Cloner.

Even after completely deleting my main disk (FileVault volume & Recovery HD) to simulate a disk failure, I have been able to boot to my system backup volume.

Don't encrypt the backup volume in the Finder (e.g. control-click on the volume) before or after backing up your main volume!

An important note from the CCC knowledge base:
Mac firmware cannot "see" FileVault-protected volumes larger than 2.2 TB when the disk is attached via USB. If attaching the disk to your Mac via Firewire or Thunderbolt is not an option, create a 2TB partition at the beginning of the external disk to work around this limitation.
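The two conditions the answer above depends on (a Recovery HD on the backup disk, and the 2.2 TB limit over USB) can be checked before enabling FileVault 2. The script below is an added example, not part of the original answer: it reads `diskutil list <disk>` output on stdin, and it assumes the HFS+-era layout in which the Recovery HD appears as an `Apple_Boot` partition. The function names, return codes and sample listings are constructed for illustration.

```shell
# Pre-flight check for a cloned backup disk before enabling FileVault 2 on it.
# Every function reads the text of `diskutil list <disk>` on stdin.

# Succeeds when the listing has an Apple_Boot partition (the Recovery HD).
has_recovery_hd() {
    grep -Eq '^ *[0-9]+: +Apple_Boot '
}

# Prints the whole-disk size in GB, taken from the "0:" row (size is marked "*").
disk_size_gb() {
    awk '$1 == "0:" {
        for (i = 2; i < NF; i++) if ($i ~ /^\*[0-9.]+$/) {
            n = substr($i, 2) + 0; u = $(i + 1)
            if (u == "TB") n *= 1000; else if (u == "MB") n /= 1000
            printf "%d\n", n; exit
        }
    }'
}

# preflight BUS: BUS is how the disk is attached (USB, FireWire, Thunderbolt).
# Returns 0 when ready, 1 when the Recovery HD is missing, 2 when too large for USB.
preflight() {
    listing=$(cat)
    if ! printf '%s\n' "$listing" | has_recovery_hd; then
        echo "No Recovery HD on this disk: FileVault 2 cannot be enabled yet."
        return 1
    fi
    size=$(printf '%s\n' "$listing" | disk_size_gb)
    if [ "$1" = "USB" ] && [ "${size:-0}" -gt 2200 ]; then
        echo "Disk is ${size} GB on USB: create a 2 TB partition at the start of the disk."
        return 2
    fi
    echo "Recovery HD present: boot from the backup and enable FileVault 2."
}

# Constructed sample listings (not captured from a real machine).
CLONE_ONLY='/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk2
   1:                        EFI EFI                     209.7 MB   disk2s1
   2:                  Apple_HFS SystemBackup            999.3 GB   disk2s2'
WITH_RECOVERY="$CLONE_ONLY
   3:                 Apple_Boot Recovery HD             650.0 MB   disk2s3"
```

On the Mac itself, run it as `diskutil list disk2 | preflight USB`, replacing `disk2` with the identifier of the backup disk.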