MacOS – Is it possible to use FileVault 2 on a non-primary boot partition? (Dual-boot setup)

Tags: boot, dual-boot, filevault, macos

To be more specific yet still brief, I'm looking to use FileVault 2's entire partition encryption for a partition other than my primary boot partition.

Ideally, I want to have 2, or in the future, maybe even more than 2 bootable partitions. What I want, though, is to have an unencrypted partition be my primary boot partition, so that when you hit the power button on the computer, it starts up to a standard login screen without you ever seeing a password prompt.

I still want to have a protected bootable partition, however. Ideally, I'd like to be able to choose this partition under the boot manager (hold Alt/Option at startup) and have it proceed to the password prompt after choosing it. But it's important that this partition only boots when chosen, and that during a normal boot, the unencrypted partition boots.

I'm aware it's possible to choose an unencrypted partition from the boot manager while having an encrypted primary partition with FV2, as this is popular with Boot Camp dual-boot setups. What I couldn't find any information on, though, is whether or not people were able to set their Windows partition (or other unencrypted partition) as their primary boot partition. However, I don't imagine this is a very common thing people want to do either.

What I want is different than the usual for dual-boot situations. I want to have 2 OS X partitions. I don't see why this should matter. Any bootable OS should work fine on any partition. And I don't see why OS X would try to touch an encrypted partition it isn't told to at any point. However, if you know of any problems with this setup, please let me know.

And one more note. I don't see why it would interfere, but it's also important to know that I use a firmware password. Yes, I'm aware that if my proposed setup would work, it would require me to enter two separate passwords, one to bypass the firmware lock and another to boot the partition. I'm perfectly okay with this.

Please and thank you for any help, advice, or possible tidbits of information you may be able to provide!

Best Answer

Yes, this should work fine. I actually have essentially this config on one of my computers; the only odd thing is that my default boot (unencrypted) is OS X 10.8 (Mountain Lion), and the alternate (encrypted) partition is OS X 10.9 (Mavericks). I'm not really using it in this mode (it's a test computer that just happened to wind up with this combo), but the only unusual thing I've noticed is that when you boot from the unencrypted partition, every time you log in it asks you to unlock the encrypted partition so it can be mounted. You can either enter the password of one of the FileVault-enabled accounts from the encrypted partition, or click Cancel and go about your business.

I do not have a firmware password set on this test computer, but I wouldn't expect setting one to cause any problem. To boot from the encrypted partition, you'd have to start the computer with the Option key held down, enter the firmware password, select the alternate partition, then enter one of the FileVault-enabled account passwords. After that, it should behave normally.