Skip to main content

encryption - Create new partition on encrypted volume in OS X Lion


Updated: see below.


I encrypted a 500 GB partition on an external 1TB drive on OS X Lion. The other 500 GB was not used yet and I want to create another partition on the external drive now. Disk utility will not let me do this and refers to the command line utility diskutil, noting that the drive contains CoreStorage physical volumes.


I have looked around in the utility diskutil but so far I haven't found anything useful:



  • diskutil cs createVolume does not work because I first have to resize the Logical Volume Group, apparently.

  • diskutil resizeVolume might work, but this does not work on CoreStorage volumes, so I'm afraid I might break things (i.e. my encrypted volume occupies disk2s1, disk2s2 and disk2s3 at the same time) (see my diskutil output)


Some background info is given in an Ars Technica review, but this provides little information on how to proceed. This Macworld article instructs how to resize a volume, but I don't think this is applicable to CoreStorage volumes.


My diskutil list output:


/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:          Apple_CoreStorage                         499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS OSX                    *498.9 GB   disk1
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk2
   1:                        EFI                         209.7 MB   disk2s1
   2:          Apple_CoreStorage                         499.8 GB   disk2s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk2s3
/dev/disk3
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS TimeMachine disk       *499.5 GB   disk3

my diskutil cs list output here:


CoreStorage logical volume groups (2 found)
|
+-- Logical Volume Group UUID1
|   =========================================================
|   Name:         OSX
|   Sequence:     1
|   Free Space:   0 B (0 B)
|   |
|   +-< Physical Volume UUID1.1
|   |   ----------------------------------------------------
|   |   Index:    0
|   |   Disk:     disk0s2
|   |   Status:   Online
|   |   Size:     499248103424 B (499.2 GB)
|   |
|   +-> Logical Volume Family UUID1.2
|       ----------------------------------------------------------
|       Sequence:               8
|       Encryption Status:      Unlocked
|       Encryption Type:        AES-XTS
|       Encryption Context:     Present
|       Conversion Status:      Complete
|       Has Encrypted Extents:  Yes
|       Conversion Direction:   -none-
|       |
|       +-> Logical Volume UUID1.2.1
|           ---------------------------------------------------
|           Disk:               disk1
|           Status:             Online
|           Sequence:           4
|           Size (Total):       498929332224 B (498.9 GB)
|           Size (Converted):   -none-
|           Revertible:         Yes (unlock and decryption required)
|           LV Name:            OSX
|           Volume Name:        OSX
|           Content Hint:       Apple_HFS
|
+-- Logical Volume Group UUID2
    =========================================================
    Name:         TimeMachine disk
    Sequence:     1
    Free Space:   0 B (0 B)
    |
    +-< Physical Volume UUID2.1
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk2s2
    |   Status:   Online
    |   Size:     499796238336 B (499.8 GB)
    |
    +-> Logical Volume Family UUID2.2
        ----------------------------------------------------------
        Sequence:               9
        Encryption Status:      Unlocked
        Encryption Type:        AES-XTS
        Encryption Context:     Present
        Conversion Status:      Complete
        Has Encrypted Extents:  Yes
        Conversion Direction:   -none-
        |
        +-> Logical Volume UUID2.2.1
            ---------------------------------------------------
            Disk:               disk3
            Status:             Online
            Sequence:           4
            Size (Total):       499477467136 B (499.5 GB)
            Size (Converted):   -none-
            Revertible:         Yes (unlock and decryption required)
            LV Name:            TimeMachine disk
            Volume Name:        TimeMachine disk
            Content Hint:       Apple_HFS


Update:


After looking around for more information it seems that currently CoreStorage volumes are not so flexible. There is a useful blogpost listing some undocumented features, but still resizing a CoreStorage volume does not seem to work.


Using the old diskutil commands do not solve the problem:



  • diskutil resizeVolume disk2s2 R is not possible because it is a CoreStorage partition/volume

  • diskutil resizeVolume disk3 R is the same

  • diskutil partitionDisk does not work because it deletes all volumes first


Using CoreStorage routines also runs into trouble



  • diskutil cs resizeDisk does not work because the CoreStorage physical volume is bound to the limits of the regular partition disk2s2

  • diskutil cs addDisk is not possible because I cannot repartition disk2 without destroying it

  • diskutil cs resizeVolume does not work because the logical volume group is not big enough


In the end I am now reverting the encryption and will re-partition the drive non-destructively with Disk Utility after that is complete.



Answer



There are multiple aspects to this, I'll try to encompass all answers (to the best of my knowledge) in one post.




… resize a volume, but I don't think this is applicable to CoreStorage volumes. …



True, not applicable. In folder http://www.wuala.com/grahamperrin/public/2011/07/30/b/ at the tail of file 2011-07-30 07.14.txt for a logical volume with partition type Apple_HFS there's the following string:


Volume format does not support resizing


If you wish to resize what is currently an Apple_CoreStorage partition, you must:




  1. begin converting backward




  2. allow conversion to complete.




Following completion of backward conversion


Generally


If the volume to be reverted is a startup volume, then completion should be followed by a restart of the operating system.


For your disk2


A restart may be unnecessary, but should do no harm. Considering the use of part of disk2 by Time Machine, my hunch is that a post-conversion restart would be timely.



If you wish this, bear in mind that with or without encryption, the volume may be unrecognisable by any operating system that lacks support for Apple Core Storage.


diskutil coreStorage createVolume …


My attempts in this area failed, typically with the following response:



Error: -69720: There is not enough free space in the Core Storage Logical Volume Group for this operation



(I do have related questions but they're off-topic from the opening question.)


Increasing the proportion of a physical volume that is given to a logical volume family


AFAICT not possible. This concept may be purely my imagination (I don't pretend to understand all things Core Storage-related).



Using Apple software included with Mac OS X 10.7 (Build 11A511)


If you wish the free ~half of your disk2 to be a volume that will be compatible with (say) Snow Leopard, alongside the encrypted ~half, then you can/should:




  1. completely revert the ~half that currently uses Core Storage, probably


    diskutil coreStorage revert /Volumes/TimeMachine\ disk




  2. use Disk Utility to add a partition with a compatible file system




  3. use the Time Machine pane of System Preferences (or if confident, diskutil) to put your TimeMachine disk in coreStorage world, with encryption.




After using Disk Utility to manage partitions, repair all volumes


Hint: in some environments, a use of Disk Utility 12 (346) may result in a need to repair, a need that is not immediately obvious. After using this version of Disk Utility to add or resize a partition, consider verifying all physical and logical volumes associated with that physical disk.


Using third party utilities


At least one third party utility can add a partition with a JHFS+ file system without/alongside coreStorage world.


Not all such utilities are logical partition/volume aware, so be prepared to unmount logical volumes before attempting writes to disk.


More generally: with any third party disk utility, proceed with caution in and around coreStorage world. Claims of "complete" compatibility with Lion may be contentious.


HTH Graham



More items, for reference only, in the following folders:



I look forward to Apple publishing more useful information on these subjects.


Comments

Post a Comment

Popular Posts

Use Google instead of Bing with Windows 10 search

I want to use Google Chrome and Google search instead of Bing when I search in Windows 10. Google Chrome is launched when I click on web, but it's Bing search. (My default search engine on Google and Edge is http://www.google.com ) I haven't found how to configure that. Someone can help me ? Answer There is no way to change the default in Cortana itself but you can redirect it in Chrome. You said that it opens the results in the Chrome browser but it used Bing search right? There's a Chrome extension now that will redirect Bing to Google, DuckDuckGo, or Yahoo , whichever you prefer. More information on that in the second link.
Post a Comment
Read more

linux - Using an index to make grep faster?

I find myself grepping the same codebase over and over. While it works great, each command takes about 10 seconds, so I am thinking about ways to make it faster. So can grep use some sort of index? I understand an index probably won't help for complicated regexps, but I use mostly very simple patters. Does an indexer exist for this case? EDIT: I know about ctags and the like, but I would like to do full-text search. Answer what about cscope , does this match your shoes? Allows searching code for: all references to a symbol global definitions functions called by a function functions calling a function text string regular expression pattern a file files including a file
Post a Comment
Read more

How do I transmit a single hexadecimal value serial data in PuTTY using an Alt code?

I am trying to sent a specific hexadecimal value across a serial COM port using PuTTY. Specifically, I want to send the hex codes 9C, B6, FC, and 8B. I have looked up the Alt codes for these and they are 156, 182, 252, and 139 respectively. However, whenever I input the Alt codes, a preceding hex value of C2 is sent before 9C, B6, and 8B so the values that are sent are C2 9C, C2 B6, and C2 8B. The value for FC is changed to C3 FC. Why are these values being placed before the hex value and why is FC being changed altogether? To me, it seems like there is a problem internally converting the Alt code to hex. Is there a way to directly input hex values without using Alt codes in PuTTY? Answer What you're seeing is just ordinary text character set conversion. As far as PuTTY is concerned, you are typing (and reading) text , not raw binary data, therefore it has to convert the text to bytes in whatever configured character set before sending it over the wire. In other words, when y
Post a Comment
Read more

networking - Windows 10, can ping other PC but cannot access shared folders! What gives?

I have a computer running Windows 7 that shares a Git repo on drive D. Let's call this PC " win7 ". This repo is the origin of a project that we push to and pull from. The network is a wireless network. One PC on this network is running on Windows 10. Let's call this PC " win10 ". Win10 can ping every other PC on the network including win7 . Win7 can ping win10 . Win7 can access all shared files on win10 . Neither of the PCs have passwords. Problem : Win10 cannot access any shared files on win7 , not from Explorer, nor from Git Bash or any other Git management system (E-Git on Eclipse or Visual Studio). So, win10 cannot pull/push. Every other PC on the network can access win7 shared files and push/pull to/from the shared Git origin. What's wrong with Windows 10? I have tried these: Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings\ File sharing is on, Discovery is on, Password protected sharing is off Adapte
Post a Comment
Read more