Q: Partition Strategy for Bitlocker

GPT 2 is Core storage, presumably using Filevault 2, so GPT 3, Recovery HD is required and can't be deleted.

So after the obligatory backing up you need to do first, the next step after that is you need to resize this NTFS volume (GPT 4). What utility you use will determine which partition map will be corrects so you have to know these things or you'll experience data loss. Doing it in Windows will change the MBR, so the MBR will show the correct start and end LBA for the Windows partition, the GPT will not. Doing it in OS X will first require a utility that can resize NTFS like building NTFS-3G with Macports, and this will only update the GPT. The MBR will no longer be valid.

The other alternatives are to use a Linux Live CD/DVD that has NTFS-3G tools already built and installed, and use something like gparted to resize. Or buy a 3rd party utility like Camptune, iPartition, or WinClone.

You'll have to check Bitlocker documentation as to how big this unencrypted volume needs to be, and if it needs a unique partition type code, and what that is.

If you use a Linux Live CD/DVD and gparted that'll probably modify the GPT. The only way to be certain is to output the MBR and GPT before you start and then see which changes.

If you use the listed 3rd party (not free) products, they will correctly modify the GPT and MBR.

If you dont have really really secret stuff or is an agent then dont use these things if your system crash you lose everything

If you dont you can always put the hd in a ext box and save your data

Another option, is to convert the disk to MBR only. This has two consequences: the disk can't be larger than 2.2TB or remaining space won't be uable; firmware updates won't be possible as the EFI System partition is needed to stage firmware updates. Otherwise, OS X can boot from MBR only disks. Such a disk would have OS X on the first partition and Recovery HD on the 2nd partition, leaving two primary partitions for other OS's. You could boot OS X off an different disk that uses GPT and has an EFI System partition, should you need to apply firmware updates down the road.

This is probably the most reliable and lease invasive option, short of figuring out how to get Windows 8 to install on a Mac in EFI mode (obviating Boot Camp Assistant, the CSM, and the need for a hybrid MBR).

As for getting spare disk space into an encrypted FileVault volume, this is tricky. I'm pretty sure officially, you're supposed to disable FileVault 2, wait for it to fully decrypt the OS X volume, resize it to consume all space, then re-enable FileVault 2. This obviously will take some time. There is a way to add the unneeded partition as a Core Storage Physical Volume to the existing Logical Volume Group used for the FileVault 2 OS X volume. And then grow the Logical Volume (on which OS X resides). It may sound a little screwy, but this sort of thing has been done on Linux with LVM for around 15 years. Two partitions are added to a volume group, and a single logical volume is created from the volume group. So it looks and behaves like a single volume even though it's made from two partitions (it would work this way if it were made from two disks, which is how fusion drives are created). The encryption is applied because a logical volume family (LVF) with an encryption attribute is attached to the Logical Volume.

I don't yet know of a GUI way of doing any of this, however, only by using the diskutil coreStorage commands.

The "easist" method is the one done entirely in the GUI and is documented. It also takes a long time. Hours in each direction to decrypt, then encrypt again.

That version is to disable FileVaul2, then use Bootcamp Assistant to remove Windows which should also resize the OS X volume to its original full consumption of the disk (minus a few hundrew MB), and then reenable FileVault 2.

I think it's equally acceptable to change the Windows partition into a CoreStorage PV (physical volume) by adding it to the existing CoreStorage VG (volume group) and then growing the existing LV. Functionally it'll be the same result.

I'm a relative novice with computers, but I somehow got Filevault 2 and Bitlocker running on Windows 8.1 in a Bootcamp partition. I enabled Filevault first and then Bitlocker using Windows 8.1 update 1. Everything seems to be working as far as I can tell. Windows seems to have been able to create a new partition for Bitlocker inside the allocated Bootcamp space? I'm not sure but hopefully this keeps running OK. The hospital at which I work requires full disk encryption so I needed both sides encrypted. Any idea how this worked?

Not sure. You could try posting the result from the following read only commands:

sudo fdisk /dev/disk0

sudo gpt -r -v show /dev/disk0

And if you have gdisk installed:

sudo gdisk -l /dev/disk0

It's actually possible that Microsoft is using logical partitions or dynamic disks or something to support this arranagement. In any case you'd definitely not want to make any changes, and the problem with that is that the OS X Disk Utility when clicked on a whole disk device (not just an OS X volume but the drive itself) and you ask it to repair the the disk, it will very likely totally hose this setup. If Windows is using dynamic disks or logical partitions then there's a good chance neither gpt nor fdisk will reveal them, it might even produce a bogus error message. I'm pretty sure gdisk understands MBR primary and logical partitions, but may not display them by default. You might have run the program:

sudo gdisk /dev/disk0   ## assuming the disk in question is disk0

Then in interactive mode you need to get to the expert menu with x. Then to display the MBR use o and to display the GPT use p. And then q to quit without having made changes or control-c.

Thanks for your quick response. It's interesting to learn about drive structure. I don't have gdisk installed but this is what fdisk showed in terminal. It's interesting that OS X only sees 4 partitions and windows sees 5. That makes sense what you wrote about not using disk repair. I imagine this setup would make things difficult for an OS X upgrade. If this is untstable I may have to use a VM instead of bootcamp, but my machine is a 4GB i5 2014 Macbook air so I was trying to avoid a VM. Thanks again.

Disk: /dev/disk0 geometry: 14751/255/63 [236978176 sectors]

Signature: 0xAA55

         Starting       Ending

#: id  cyl  hd sec -  cyl  hd sec [     start -       size]

------------------------------------------------------------------------

1: EE 1023 254  63 - 1023 254  63 [         1 -  236978175] <Unknown ID>

2: 00    0   0   0 -    0   0   0 [         0 -          0] unused     

3: 00    0   0   0 -    0   0   0 [         0 -          0] unused     

4: 00    0   0   0 -    0   0   0 [         0 -          0] unused  

sorry about the poor pasting job, I kept getting errors unless I pasted in plain text