Mac – Full Disk Encryption with Time Machine Backup

apfsbackupencryptionfilevaulttime-machine

I don't know the appropriate setup to encrypt whole disk drive using FileVault 2 and Automatically backup it without issues. Currently, I'm using a 2nd-gen Intel i7 MBP running macOS High Sierra 10.13.6 (17G5019), One Internal Crucial SSD, APFS volume, and using Time Machine for Backup on a G-technology External Drive, Mac OS Extended (Journaled).

/dev/disk0 (internal, physical):
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      GUID_partition_scheme                        *500.1 GB   disk0
1:                        EFI EFI                     209.7 MB   disk0s1
2:                 Apple_APFS Container disk1         499.9 GB   disk0s2

/dev/disk1 (synthesized):
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      APFS Container Scheme -                      +499.9 GB   disk1
                             Physical Store disk0s2
1:                APFS Volume Macintosh HD            456.0 GB   disk1s1
2:                APFS Volume Preboot                 20.4 MB    disk1s2
3:                APFS Volume Recovery                512.0 MB   disk1s3
4:                APFS Volume VM                      10.7 GB    disk1s4

/dev/disk2 (external, physical):
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      GUID_partition_scheme                        *4.0 TB     disk2
1:                        EFI EFI                     209.7 MB   disk2s1
2:                  Apple_HFS G-DRIVE USB             4.0 TB     disk2s2
3:       Microsoft Basic Data G-UTILITIES             4.1 GB     disk2s3

Best Answer

You can enable FileVault 2 from System Preferences > Security & Privacy > FileVault. Just press "Turn on FileVault..." and full disk encryption will be setup.

Full Disk Encryption in this sense means that all your own data on the Macintosh HD file system will be encrypted. There is a preboot partition that isn't encrypted, as this is where the software necessary to decrypt the drive is stored. Without it, you wouldn't be able to boot the Mac.

When you plugin the USB drive, macOS will ask you if you want to use it for backups. If you confirm that, it will ask you whether or not you want the backups encrypted. Set the checkmark and encryption of the backup will automatically be setup for you.

If you have already started backing up to the external disk without encryption, you can enable encryption afterwards like this:

Open System Preferences > Time Machine. Click "Select Disk..." and remove the external disk.

Do it again and select the disk again, and it will ask again for encryption. Set the checkmark and you'll be asked to set a password. The disk will then be encrypted. The backups already stored on the drive will be preserved.

Related Solutions

Mac – Time machine backup or File Vault encryption of encrypted disk image

If you encrypt something once, you can't weaken it by encrypting it another time. You can strengthen it, but not very much that it makes a big difference. Most attacks are brute force password Crack attacks, on both filevault and the disk image, because there is the highest chance for the decrypter to win. So you harden the step of decryption because you encrypt twice, but you don't harden it much. but btw, best anti brute force tactics are using algorithms like PBKDEF2 instead of simple SHA. but that's something only apple can do. and I expect from them to do something like that.

MacOS – How to fix the corrupted APFS container

Your GPT Structure looks ok but just to be sure, there are a few things you can do. However, before proceeding, back up all of your data (time machine works well). Then proceed to

Download Gdisk for mac
Install the package
Open up your terminal application
enter the command sudo gdisk /dev/disk0
Enter your administrator password

A message will appear. If something is broken it should auto-repair itself and look something like this

GPT fdisk (gdisk) version 1.0.3

Warning: Devices opened with shared
lock will not have their partition table automatically reloaded! The
protective MBR's 0xEE partition is oversized! Auto-repairing.

Press x, hit enter
Press p, hit enter
Press o, hit enter
Press q
Copy and paste the results in your answer.
Close terminal
Go to the App store
Download Mac OS High Sierra
Get a USB stick
Go to https://support.apple.com/en-us/HT201372 and follow the instructions on the site.
Restart your mac with your newly created bootable USB of High Sierra (or corresponding OS)plugged in, while holding down the 'Alt' key.
A boot screen will appear.
Select the option "Install Mac OS High Sierra"
Once in your installation screen, go to the "Utilities" menu and select "Disk Utility"
Click on your hard drive and hit the "First Aid" button. Then use the first aid button/tool on each of it's partitions/containters.
Exit Disk Utility. Reboot. Check if things are fixed. If not, continue with instructions....
Reboot with USB inserted again, and go back to "Install Mac OS High Sierra".
Once in the install screen, click the "Install Mac OS"
!IMPORTANT! - DO NOT FORMAT THE HARD DRIVE OR ITS PARTITIONS.
At the "Select the disk in which to install" screen, select your disk, but DO NOT FORMAT. Then hit the "Install" button.
Wait for the installer to finish.
Reboot.
Check and see if things are working. They should be. Done.

Best Answer

Related Solutions

Mac – Time machine backup or File Vault encryption of encrypted disk image

MacOS – How to fix the corrupted APFS container

Related Question