whole disk encryption
mfbernstein
Senior User
Join Date: Mar 2007
Location: San Jose
Mar 28, 2007, 02:34 PM
 
I've been looking for a way to encrypt my entire boot disk on MacOS X (or failing that, at least a full partition of my boot disk). So far, no luck. Anybody know of a product that will do this? Thanks.

P.S. Yes, I've checked both FileVault and PGP. FileVault won't do partition level encryption. PGP won't encrypt partitions on the boot drive.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Mar 28, 2007, 02:36 PM
 
Originally Posted by mfbernstein:
I've been looking for a way to encrypt my entire boot disk on MacOS X (or failing that, at least a full partition of my boot disk). So far, no luck. Anybody know of a product that will do this? Thanks.

P.S. Yes, I've checked both FileVault and PGP. FileVault won't do partition level encryption. PGP won't encrypt partitions on the boot drive.
Why do you want to encrypt the entire boot drive?
     
mfbernstein  (op)
Senior User
Join Date: Mar 2007
Location: San Jose
Mar 28, 2007, 03:32 PM
 
Simplicity. As I said, my /Users partition would work too.

I'd settle for encrypting my home directory. Unfortunately, FileVault insists on using a sparse disk image which makes things slow, and not very reliable, and given that I have 100+ GB of data to encrypt and regularly transfer 10-15GB a week, I'd rather have something more robust.
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Mar 28, 2007, 03:33 PM
 
You can use FileVault which encrypts the whole user folder(s) and you can also turn on encrypted (secure) virtual memory. That should be pretty secure. I don't see the need to encrypt system files and applications.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Mar 28, 2007, 03:35 PM
 
Another problem is corruption: if the disk image file gets corrupted, then this might hose all of your data. There is no encryption on a file-by-file basis (yet?).
I don't suffer from insanity, I enjoy every minute of it.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Mar 28, 2007, 03:37 PM
 
Whole disk encryption would be a wonderful option for the Mac. So far as I know, all the products that do this focus on Windows.

WDE is good for preserving confidential information (SOX/HIPAA/etc.) on portable devices. Considering how poorly some U.S. agencies (as in the VA) have protected such confidential information, there should be tons of companies developing such products.

Glenn -----OTR/L, MOT, Tx
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Mar 28, 2007, 04:15 PM
 
Originally Posted by ghporter:
Whole disk encryption would be a wonderful option for the Mac. So far as I know, all the products that do this focus on Windows.
Seagate makes hard drives that have hardware-level encryption.

From this page (emphasis mine):
Security— Security means more than just erecting a firewall. Make sure that your employees use strong passwords that are changed on a regular basis and aren’t shared with other employees. In addition, mobile computers and devices should be encrypted in case of loss or theft. Full-disk-encryption (FDE) solutions encrypt data on the disk as it’s being written—the ideal way to prevent unauthorized access to data on a lost or stolen laptop. FDE solutions also simplify the process of wiping the drive clean of data when the equipment is retired or repurposed.
     
mfbernstein  (op)
Senior User
Join Date: Mar 2007
Location: San Jose
Mar 28, 2007, 11:01 PM
 
Unfortunately, that Seagate drive is only available to OEMs at this point. Further, there's no evidence that it's even Mac compatible yet. So yeah, it looks cool, but so far, no dice.

The best I've come up with is moving my user directory to an external drive and using PGP Whole Disk. Kinda negates the whole point of having a laptop though.
     
RealMac
Dedicated MacNNer
Join Date: Oct 2001
Location: Dallas, TX
Mar 28, 2007, 11:30 PM
 
The HFS+ format doesn't currently support entire disk encryption. So until Apple adopts a file system capable of this functionality or extends HFS+ to support it, you might be waiting a while.

Comparison of file systems - Wikipedia, the free encyclopedia
( Last edited by RealMac; Mar 29, 2007 at 03:42 AM. )
It is in the moments of decision that your destiny is shaped.
www.therealmac.net
MBA Graduate, Creative Thinker, Nice Guy
     
legacyb4
Mac Elite
Join Date: May 2001
Location: Vancouver
Mar 29, 2007, 02:41 AM
 
Any idea what the impact on day to day performance is like with this, or is it not even noticeable?

Originally Posted by TETENAL:
... you can also turn on encrypted (secure) virtual memory...
Macbook (Black) C2D/250GB/3GB | G5/1.6 250GBx2/2.0GB
Free Mobile Ringtone & Games Uploader | Flickr | Twitter
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Mar 29, 2007, 03:37 AM
 
I've not noticed it, but then again, it has been on ever since I got 10.4.0, so I wouldn't know if it does have an impact or not.
     
mfbernstein  (op)
Senior User
Join Date: Mar 2007
Location: San Jose
Mar 29, 2007, 01:29 PM
 
Very instructively, there are now not one but two threads in the main OS X forum about FileVault problems.

RealMac: the problem isn't HFS+. ext3 and fat32 are also listed as not supporting encryption, yet in both cases there are robust partition level encryption solutions. The point is simply that those filesystems don't come with a built-in encryption facility.

The way PGP and others work is usually intercepting system calls between the FS and device driver level. This should work with pretty much any FS (obviously performance will vary).

At any rate, I guess my original question is answered: external disk or nothing. Anybody have experience here with PGP on Mac and an external disk? From their forum, it looks like things aren't ready for prime-time yet there either, but... And how about the rocbit or Addonics enclosures that do encryption (or any others I've missed)? Thanks.
( Last edited by mfbernstein; Mar 29, 2007 at 06:02 PM. )
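
The layering described in the post above (encryption sitting between the filesystem and the device driver, unaware of which filesystem is on top), as an added sketch that is not part of the thread and not PGP's code. `RawDisk`, `EncryptingFilter` and the sample data are hypothetical names and constructed values; the HMAC-based keystream is a standard-library stand-in for a real disk cipher mode such as AES-XTS and is not a production construction.

```python
import hashlib
import hmac

SECTOR = 512

class RawDisk:
    """Constructed stand-in for a device driver: stores whole sectors."""
    def __init__(self, sectors):
        self.data = bytearray(sectors * SECTOR)
    def read(self, n):
        return bytes(self.data[n * SECTOR:(n + 1) * SECTOR])
    def write(self, n, buf):
        self.data[n * SECTOR:(n + 1) * SECTOR] = buf

class EncryptingFilter:
    """Same read/write interface as the disk, so any filesystem can sit on top."""
    def __init__(self, disk, passphrase, salt):
        self.disk = disk
        self.key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)
    def _keystream(self, n):
        # Toy keystream: HMAC-SHA256 over (sector number, counter).
        # Binding it to the sector number makes equal plaintext sectors differ on disk.
        blocks = (hmac.new(self.key, n.to_bytes(8, "big") + c.to_bytes(4, "big"),
                           hashlib.sha256).digest() for c in range(SECTOR // 32))
        return b"".join(blocks)
    def _xor(self, n, buf):
        return bytes(a ^ b for a, b in zip(buf, self._keystream(n)))
    def read(self, n):
        return self._xor(n, self.disk.read(n))
    def write(self, n, buf):
        if len(buf) != SECTOR:
            raise ValueError("the filter only handles whole sectors")
        self.disk.write(n, self._xor(n, buf))

def demo():
    disk = RawDisk(8)
    fs_view = EncryptingFilter(disk, b"constructed passphrase", b"constructed-salt")
    # Constructed sector content; the filter never inspects it.
    block = b"HFS+ or ext3 metadata, the filter cannot tell".ljust(SECTOR, b"\0")
    fs_view.write(3, block)
    fs_view.write(4, block)
    wrong = EncryptingFilter(disk, b"wrong passphrase", b"constructed-salt")
    return {
        "roundtrip": fs_view.read(3) == block,
        "plaintext_on_disk": block[:16] in bytes(disk.data),
        "sectors_differ": disk.read(3) != disk.read(4),
        "wrong_key_reads_plaintext": wrong.read(3) == block,
    }

if __name__ == "__main__":
    print(demo())
```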
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Mar 29, 2007, 05:15 PM
 
I really don't trust software to handle the active encryption/decryption of large chunks of drive space. I knew from the outset that FileVault would cause people corruption issues. If I had to have an encrypted drive, I'd only go with a hardware solution like the new Seagate drive referenced above.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
   
 