When I was planning my first hackintosh, I never realised that I wasn't going to be able to encrypt my disk. I guess it's not as important to people as it is to me, or else I would have found more articles during my research pointing to this HUGE caveat. Anyway, for me it is so important that I considered selling my hardware if I wasn't able to encrypt my disk. I read about different solutions to this problem, but I wasn't satisfied with any. In the end I settled on what I will present here, which is very simple and which I hope will be useful to others. This encrypts only your home, which in my case was all I needed.
THE GUIDE:
The idea is to create a new partition to use as the home directory on a single-user computer (it can easily be extended to multiple users), encrypt it, and then mount that partition as the user's home. To be able to do this, we boot our Mac into a secondary user whose only purpose is to unlock the home partition of the main user. This has an added advantage: you can have a very complex password for your encrypted home partition, which you'll have to type only once in a while (when you boot), while having a simpler password for your user.
0. Recommended: Try to move as much data off the disk as possible, since this way we'll be able to make space for our home partition. (You should make a backup anyway.)
1. Fire up Disk Utility, select your OS X disk and go to Partition. In the partition layout graph, go to the lower right corner and drag the partition size up to the size you'd like your root partition to have. Hit Apply.
2. Create a new partition using the "+" symbol and use the whole remaining space. Name the partition after your username; let's call it "bob".
3. Go to Finder, right-click on the new partition and select "Encrypt". (You'll have to wait a certain time here. To make sure it's done, you can try logging out and in again; if it prompts for a password, it's encrypted.)
4. Create a new user "unlock" and give it admin privileges.
5. Log out
6. Log in to the "unlock" user
7. Open a terminal: (be sure you have a backup before this step, just in case)
Code:
# Copy bob's home onto the encrypted volume (trailing slashes copy the contents)
sudo rsync -av /Users/bob/ /Volumes/bob/
# Remove the original, unencrypted home directory
sudo rm -frv /Users/bob
# Point /Users/bob at the encrypted volume
sudo ln -s /Volumes/bob /Users/bob
8. Log out of unlock, log in to bob
9. Remove admin rights for user unlock
Done!
There are three (possibly more) workflows to use:
1. You can set up automatic login for the unlock user. Once you log in, you'll be prompted for the password for the "bob" partition; once the partition is unlocked, you can log out and log in to your user. (I use this one)
2. You can just log in to "unlock" as a normal user: enter the "unlock" password, be prompted for the partition password, enter the second password, log out and log in to "bob". I recommend that the "unlock" user password and the FileVault password be different.
3. Another option is to have a complex password for the "unlock" user, and then save the FileVault 2 password in the keychain for "unlock". This way you just enter one password, as in option one.
The nice thing about this setup is that if you try to log in to "bob" as soon as you boot (with the locked partition), it will try to log in for 10 - 20 seconds and then tell you it failed to do so. You'll just return to the normal login screen, where you can log in to unlock and unlock your partition.
BTW, I'm pretty sure I won't be upgrading my system or anything like that; I just want to have a stable 10.9.5 system and that's it. But I don't see why upgrading would be a problem. I would probably do it from the unlock user if I needed to.
Hope this helps someone else with the same issue I was having! And I welcome any ideas/criticisms to this guide.
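Step 7 deletes /Users/bob straight after the copy, so if the encrypted volume is locked or the copy is incomplete, the data ends up on the unencrypted boot disk or is lost. A guarded form of those three commands, as an added example that is not part of the original post (function names are hypothetical, and the `diskutil cs list` field names are assumed to match what the tool prints on this OS version):

```shell
#!/bin/bash
# Added example: guarded form of step 7. Paths follow the guide ("bob");
# all function names are hypothetical.

# True only if $1 is itself a mount point. With the volume still locked,
# /Volumes/bob is missing or a plain folder on the unencrypted boot disk.
is_mount_point() {
    [ -d "$1" ] || return 1
    [ "$(df -P "$1" | awk 'NR==2 {print $NF}')" = "$1" ]
}

# Reads `diskutil cs list` text on stdin; true only if every volume family
# reports a finished conversion (field names assumed from that tool's output).
conversion_complete() {
    awk -F': *' '/Conversion Status/ { n++; if ($2 !~ /^Complete/) bad = 1 }
                 /Fully Secure/      { if ($2 !~ /^Yes/) bad = 1 }
                 END { exit (bad || n == 0) }'
}

# True if a checksum-comparing dry run finds nothing left to copy from $1.
# Extra files on the target (e.g. .fseventsd) are deliberately ignored.
copy_verified() {
    out=$(rsync -rlcn --out-format='%n' "$1/" "$2/") || return 1
    [ -z "$out" ]
}

# usage: migrate_home /Users/bob /Volumes/bob   (run as root from "unlock")
migrate_home() {
    src=$1; dst=$2
    is_mount_point "$dst" || { echo "refusing: $dst is not a mounted volume" >&2; return 1; }
    rsync -a "$src/" "$dst/" || return 1
    copy_verified "$src" "$dst" || { echo "refusing: copy differs from $src" >&2; return 1; }
    # Only now remove the unencrypted original and link the home in place.
    rm -rf "$src" && ln -s "$dst" "$src"
}

# Constructed sample: a volume that is still being encrypted.
SAMPLE_CONVERTING='    Conversion Status:       Converting
    Fully Secure:            No'
```

Running `diskutil cs list | conversion_complete` before step 4 replaces the log-out-and-in check from step 3.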