
Hey guys,

Anyone know of a way to transparently do this on Mountain Lion or (pushing it) Lion? I've gone through the fdesetup options in Mountain Lion and nothing stands out.

As far as I know, it can't be done.

You can create an encrypted CoreStorage volume on another disk/partition, but if you want full FileVault 2 functionality, it must be a bootable volume. You'd then boot into that volume and use the normal methods to enable FileVault on the startup disk.

-Greg


Greg's right, this isn't possible currently with a non-boot disk. You can set up the non-boot drive to be encrypted, but it can only be unlocked with a password.

I have a couple of posts on how to encrypt a non-boot drive available here:

http://derflounder.wordpress.com/2012/01/06/encrypting-10-7-non-boot-volumes-without-erasing-them/

http://derflounder.wordpress.com/2012/07/25/encrypting-non-boot-volumes-in-mountain-lion/

If you need non-boot drives to be encrypted and have alternate recovery methods, I recommend looking to hardware encryption. IronKey has solutions that may work for your environment:

http://www.ironkey.com


No problem, thanks for the responses. Just as I thought: it can be done, but not with the same institutional key. Doesn't help me, unfortunately.


That's a great question. The fdesetup command is the primary tool for managing FileVault 2, and as you've found, it doesn't have a built-in "transparent" or pre-boot bypass option by design—that would defeat the security purpose.

Your search for a seamless encryption layer is interesting because it mirrors a hardware-level concept in high-performance computing. What you're essentially looking for is a software abstraction that handles encryption without interrupting the user workflow.

This is directly analogous to the role of a Mezzanine Card with a Dual Channel interface in a server or storage array. In that context, the mezzanine card acts as a dedicated, transparent co-processor for specific tasks. A "Dual Channel" architecture ensures there are two independent data paths, which is crucial here: one path can be dedicated to the primary data flow (reading/writing files), while the other handles the computational overhead of a parallel task—like real-time encryption and decryption.

The mezzanine card performs its job (be it encryption, compression, or networking) completely transparently to the main CPU, offloading the work to preserve system performance. FileVault 2 aims for a similar user experience by using the Mac's built-in hardware (the T2 chip or Apple Silicon Secure Enclave) to perform the encryption/decryption on-the-fly with minimal impact, making it feel transparent after the initial unlock.

So, while a software tool like fdesetup might not offer a transparent bypass, the underlying system architecture is already using a "transparent acceleration" principle similar to a hardware mezzanine card to make the encryption itself as seamless as possible. You might be hitting the limit of what's possible in user-space for a security feature that fundamentally requires an authentication gate.