User profile for user: cjp987
cjp987 Author
User level: Level 1
41 points

How to hide "Recovery HD" and "Boot OS X" partitions

I have an external drive with two partitions, one to be used as a TM backup and the other will be a clone of internal HD. I want both to be encypted. I installed Lion on the clone partition, booted into it, and enabled filevault encryption. I then pointed TM to the TM partition, and enabled encryption with it also. I then rebooted into the internal HD. Once booted, it prompted me for passwords for the two external encyrpted partions, which I supplied and they mounted fine. However, also mounted were the "Recovery HD" and "Boot OS X" partitions. This is annoying. Too many disk icons on the desktop and finder sidebar to wade through. Is there anyway to hide them?

Mac OS X (10.7.3)

Posted on Apr 13, 2012 10:37 PM

Reply
4 replies
User profile for user: ds store
ds store
User level: Level 7
30,855 points

Apr 14, 2012 9:22 AM in response to cjp987

The purpose of TM and option key bootable clones is as a backup system.


Encrypting TM I perhaps can understand as it's connected to the machine all the time for the file recovery option.


But the clone should remain unencrypted so not only can you boot from it, but also access your files direclty in case it wont boot or unlock.


If you have to place the clone in a safe, then do so. A thief is going to take everything he see's anyway, if it's encrypted or not as they are after the hardware value.



If you have sensitive data, it should be stored on a self encrypting external hard drive or USB key, off the computer, these drives have their own hardware based encryption with a key or keypad, thus they can be taken to any computer and used to read the files.


Software based encryption is flaky and prone to being comprimised. Hardware based encrpytion is more secure as it can't be changed and requires a electornics specialist to crack it.


If your computer has a problem that it needs servicing and you can't boot to remove sensitive files, Apple will require the Filevault password to service it and they will see those files.


If you take the encrpted computer/anything through Customs, they can require your password and image your drive.


If your house gets raided by the police, they will demand the password(s) take the computer and anything else to search for evidence.


On top of all that, encrpyting the entire boot drive makes it difficult to "fix" in times of trouble and it slows down the performance.



https://discussions.apple.com/docs/DOC-3045


https://discussions.apple.com/community/notebooks/macbook_pro?view=documents

Reply
User profile for user: cjp987
cjp987 Author
User level: Level 1
41 points

Apr 14, 2012 10:18 AM in response to ds store

The clone partition is just taking advantage of the excess space on the TM drive. I figured it's the best way to make use of this space. Thus leaving it unencrypted and in a safe place is not an option.


I do have two WD Passport drives with hardware encryption. I swap them weekly between home and work so one is always off site. I do TM backups of my 4 home machines on them once a week just before the swap. The TM drive this discussion is talking about is not self encrypting. It is the TM drive is always connected to the machine, so it has the most complete (and recent) backups.


Regarding Apple needing the Filevault password, I'll swap in a non-encrypted drive if it comes to that.


Regarding Customs, I travel internationally about every 10 years, so not a big deal. I can either decrypt ahead of time, or just setup a password I don't mind giving up.


Regarding police raids, if it comes to that, giving up my Filevault password will be the least of my worries.


Regarding Filevault slowing performance and making things harder to fix, I understand that, but I feel the added security is worth it. I have too many machines and external drives floating around. One theft and I'm in identity theft ****. I'm making sure they are all encrypted now (hardware or software). I would consider just encrypting a single documents folder, but locally cached emails make that not sufficient. I have too much sensitive data in my emails, especially work related, and haven't figured out a reasonable way to keep them protected. Plus all that **** caching that goes on (cookies, keystores, etc). I'm not even sure what is where, so it's simpler for me to just encrypt everything. I've done that on my two laptops that have Lion (main reason I got Lion in the first place), and it's worked out well. I still have an iMac and MacMini I need to upgrade and get on board.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How to hide "Recovery HD" and "Boot OS X" partitions

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up