Encrypting second partition with FileVault 2 and an institutional recovery key

wilesd
New Contributor III

Hey guys,

Anyone know of a way to transparently do this on Mountain Lion or (pushing it) Lion? I've gone through the fdesetup options in Mountain Lion and nothing stands out.

3 REPLIES

gregneagle
Valued Contributor

As far as I know, it can't be done.

You can create an encrypted CoreStorage volume on another disk/partition, but if you want full FileVault 2 functionality, it must be a bootable volume. You'd then boot into that volume and use the normal methods to enable FileVault on the startup disk.

-Greg

rtrouton
Valued Contributor III

Greg's right, this isn't possible currently with a non-boot disk. You can set up the non-boot drive to be encrypted, but it can only be unlocked with a password.

I have a couple of posts on how to encrypt a non-boot drive available here:

http://derflounder.wordpress.com/2012/01/06/encrypting-10-7-non-boot-volumes-without-erasing-them/

http://derflounder.wordpress.com/2012/07/25/encrypting-non-boot-volumes-in-mountain-lion/

If you need non-boot drives to be encrypted and have alternate recovery methods, I recommend looking to hardware encryption. IronKey has solutions that may work for your environment:

http://www.ironkey.com

wilesd
New Contributor III

No problem, thanks for the responses. Just as I thought, it can be done but not with the same institutional key. Doesn't help me, unfortunately.