As I want to use 10.7 / Lion full disk encryption, the whole encryption is moot if the same data is stored as clear-text in TimeMachine.
Even before Lion it was possible to use encrypted sparse disk images (as TimeCapsule uses them) to encrypt TimeMachine but frankly I don't assume that a 4Gb disk image is adequate.
Lion allows you to specify that you want your backups to be encrypted, but in my case this was refused with a simple "not supported on raid".
Using diskutil I managed to get it work anyway.
WARNING This worked for me. Once. I think.
This procedure may trash your data or set your cat on fire. Proceed at your own risk.
This procedure will delete all data on the raid volume. I didn't care too much as this was TimeMachine history only.
In Terminal, dump the current disk layout for reference:
"diskutil list". In my case this looks like this:
/dev/disk0 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *256.1 GB disk0 1: EFI 209.7 MB disk0s1 2: Apple_HFS SSD 255.2 GB disk0s2 3: Apple_Boot 650.0 MB disk0s5 /dev/disk1 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *2.0 TB disk1 1: EFI 209.7 MB disk1s1 2: Apple_RAID 2.0 TB disk1s2 3: Apple_Boot Boot OS X 134.2 MB disk1s3 /dev/disk2 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *2.0 TB disk2 1: EFI 209.7 MB disk2s1 2: Apple_RAID 2.0 TB disk2s2 3: Apple_Boot Boot OS X 134.2 MB disk2s3 ....
Note that the RAID volumes in my case were disk1s2 and disk2s2.
What I did was to delete the RAID in DiskUtility and to re-create it. You may not have to do this. Note that even if you do not re-create the RAID, you will still loose all data on the RAID-set.
Step 1: Create a RAID set:
diskutil ar create stripe myNewRaidSet JHFS+ disk1s2 disk2s2
Replace disk1s2, disk2s2 with the list of the partitions you want to use for this RAID-set.
If you don't want a "stripe" RAID0 you can use other types:
o "stripe" - Striped Volume (RAID 0) o "mirror" - Mirrored Volume (RAID 1) o "concat" - Concatenated Volume (Spanning)
All the usual Apple RAID options can be used, including stacked RAIDs like RAID 10, RAID 0+1 etc. "man diskutil" or DiskUtility is your friend.
Now you should have a new RAID-set. Let's check:
diskutil list ... /dev/disk4 #: TYPE NAME SIZE IDENTIFIER 0: Apple_HFS myNewRaidSet *4.0 TB disk4
Good. disk4 is the name of the Raid-set
We now have to create a CoreStorage Logical Volume Group.
CoreStorage is the new volume manager in Lion which is the foundation for FileVault2).
diskutil cs create myNewLvg disk4
(Replace "disk4" with the name of your AppleRaid)
We now should have a CoreStore Logical Volume Group.
"diskutil cs list" will print it out:
iomp:~ io$ diskutil cs list CoreStorage logical volume groups (1 found) | +-- Logical Volume Group 0CBCF265-CCC0-4564-90D2-30F5F3080FAB ========================================================= Name: myNewLvg Sequence: 1 Free Space: 3999958884352 B (4.0 TB) | +-< Physical Volume 3C01045D-9391-4707-B0D8-5DC1551BF459 ---------------------------------------------------- Index: 0 Disk: disk4 Status: Online Size: 4000109887488 B (4.0 TB)Excellent. We still don't have a volume that we can use, this is created in the next step:
diskutil cs createVolume 0CBCF265-CCC0-4564-90D2-30F5F3080FAB jhfs+ MyEncryptedRaid 100% -stdinpassphraseThe parameters in details:
- The lengthy hex string must be the UUID of the logical volume group you've created in the previous step. See above "myNewLvg"
- JHFS+ tells disktuil that we want a journaled HFS+ volume (which should be fine)
- 100% means - "use 100% of the logical volume group for this volume". You can create multiple smaller volumes if you fancy those.
- -stdinpassphrase will cause diskutil to ask for an encryption pass phrase.
CoreStorage logical volume groups (1 found) | +-- Logical Volume Group 0CBCF265-CCC0-4564-90D2-30F5F3080FAB ========================================================= Name: myNewLvg Sequence: 2 Free Space: 0 B (0 B) | +-< Physical Volume 3C01045D-9391-4707-B0D8-5DC1551BF459 | ---------------------------------------------------- | Index: 0 | Disk: disk4 | Status: Online | Size: 4000109887488 B (4.0 TB) | +-> Logical Volume Family B290CE10-87A6-4D75-AE3A-EF3ECF401635 ---------------------------------------------------------- Sequence: 2 Encryption Status: Unlocked Encryption Type: AES-XTS Encryption Context: Present Conversion Status: NoConversion Has Encrypted Extents: Yes Conversion Direction: -none- | +-> Logical Volume 948377BF-5F9B-47A1-A6D5-E98472F32072 --------------------------------------------------- Disk: disk5 Status: Online Sequence: 2 Size (Total): 3999958884352 B (4.0 TB) Size (Converted): -none- Revertible: No LV Name: tm4cc Volume Name: tm4cc Content Hint: Apple_HFS
There your have it, an encrypted RAID-set.
Point TimeMachine to the new location and that's it.
I haven't yet looked into details of FileVault2 (details are also very hard to come by at this time) so the whole exercise may be plain idiotic. For example I haven't tried whether I can restore from this volume (as the backup of 1,4Tb is still ongoing). I will update the post once I have tried this. You may want to wait for this ;-)
