15 Replies. Latest reply: Apr 8, 2014 5:29 PM by Jordan klein
Adam Wildavsky Level 1 (0 points)

I have formatted a USB 3.0 drive using Disk Utility's MacOS Extended (Journaled, Encrypted). I have copied my internal disk to it using Super Duper. Now I would like to be able to boot from it. I cannot figure out how. I can set it as my startup disk using System Preferences, but the Mac still starts up from the internal drive. When I hold down the Option key while booting, only the internal drive shows up. I'm using MacOS 10.8.5 on a 2013 MacBook Air. Any tips?

  • Alberto Ravasio Level 4 (3,700 points)

    You cannot boot from that disk, because it is only an encrypted volume that contains the image of your main disk.

  • Adam Wildavsky Level 1 (0 points)

    Why not? I can boot from my internal drive, and it is encrypted.

     

    Perhaps this is a limitation of MacOS, and it simply does not provide a mechanism to enter a decryption key when booting from an external disk. If this is the case, does anyone know whether the issue is addressed in Mavericks?

  • Alberto Ravasio Level 4 (3,700 points)

    Because it takes a different approach. Enabling FileVault2 on your boot disk requires you to also enable one or more accounts that are used to unlock the drive before booting the OS.

    Indeed, encrypting a generic volume only takes a password to unlock it before gaining access to its contents.

    You will probably have success if you clone the internal disk onto the external one.

  • Adam Wildavsky Level 1 (0 points)

    Alas, cloning is not effective. I have already tried it -- in fact it is the only thing I have tried. I mentioned in my original post that I had used SuperDuper. Its purpose is precisely to clone a startup disk onto another volume.

  • yvlikejoy Level 1 (0 points)

    I think you can have an unencrypted bootable volume and then clone it to the external encrypted drive and then it should boot.

  • Adam Wildavsky Level 1 (0 points)

    Have you tried it? This is exactly the procedure I followed, and I was not able to boot from the encrypted drive.

  • alex_vms Level 1 (0 points)

    I too have been trying to make an encrypted bootable external drive partition. I bought a 1TB Seagate Backup Plus drive. My system is a 250 GB Toshiba stock drive in a white Macbook 13" from 2010 with 4GB memory.

     

    Created a USB key boot of the Mountain Lion install download using the burn of the ESD image from shared resources of the install package contents. Ironically the USB key would not boot on my system but does on my daughters' Macbook Pros. Instead, I created a 5.98GB partition and used diskutil to clone the key drive and it boots from that partition into the installer, which looks similar to the recovery partition boot, but I digress.

     

    Used disk utility gui to partition the Seagate with a 250.05 GB partition to match my internal drive. Performed restore from internal drive to external partition, a 4 hour process, and was able to boot external partition which was detected when holding down option at restart. Booted OK.

     

    Tried encrypting with command mode diskutil cs convert, which processed successfully but diskutil cs list showed it in checking for a day. Rebooted and still the same. Wiped drive, created blank 250.05GB partition and performed encrypt from finder using ctrl click. Encrypted partition in a few hours, not sure how many as I walked away and did other stuff. Performed same diskutil restore of internal drive to external partition, now pre-encrypted, from recovery boot, still 4 hours. Disk unlocks and mounts OK but no how no way will it boot.

     

    Apple's Filevault document says explicitly that to encrypt a boot disk it must be done from system prefs security filevault, as we do for the internal drive. What I am about to do, after decrypting my external partition, is boot from it and perform the standard filevault encryption for it as was done for the internal drive and see what happens.

     

    The filevault security pref must be doing something extra for the boot disk than what we have been doing with the encrypt options given to us, which must be undocumented. Wonder if the encryption process on the external partition would continue if we mounted it up after booting from the normal internal disk.

  • Adam Wildavsky Level 1 (0 points)

    Thanks Alex! You have taken this further than I have. I was hoping there might be a straightforward solution, but apparently not. I am traveling and will not take this up again any time soon. I look forward to learning whether your efforts are successful.

  • Al Q Level 1 (105 points)

    I have just gone through a similar process with Mavericks 10.9.2. And after a long series of debugging tests I now know exactly what works and what does not.

     

    Encryption is not the problem. It is lack of USB3 support in the boot ROM of some recent Mac computers including my Macbook Pro mid 2012 model.

     

    You can format an external USB3 drive as Mac OS Extended (Journalled), either encrypted or not, using Disk Utility. And you can clone your internal drive with Super Duper! after mounting (and if necessary unlocking) the USB3 drive. You can also choose to store the unlocking password in your login keychain, so that the drive mounts without password entry on your Mac once your keychain is unlocked. I think you have already done most of this.

     

    If your drive is directly connected to your Mac using USB3, when you restart holding Option, it does NOT show up as an available boot device because of the limitation in the boot ROM (which I have reported to Apple; they may or may not choose to fix it). However there is an easy work-around. Just connect your drive via a USB2 hub, or using a USB2 cable (some USB2 cables will connect to some USB3 drives). That way it appears to the Mac as a USB2 drive, which the boot ROM fully supports, and you can select it and boot from it. I have verified that both encrypted and unencrypted USB3 drives will boot when connected as USB2.

     

    Naturally the drive will be quite a bit slower connected that way, but at least it works and you do have the advantage of USB3 speed whenever you are not actually booted from the drive.

  • Adam Wildavsky Level 1 (0 points)

    Thanks for the thorough research, Al!

     

    Alas, this cannot be the problem in my case. My Mac, an 11-inch Mid 2013 MacBook Air running OSX 10.9.2, boots from an external USB 3.0 drive with no trouble.

  • Al Q Level 1 (105 points)

    There are at least 3 kinds of boot behaviour with a USB3 drive. On older Macs with USB2 ports there is no problem booting because the drive connects in USB2 mode. For newer Macs such as yours, it is possible to boot in USB3 mode. And for those in the middle, like mine, it is necessary to force USB2 mode to be able to boot.

     

    I got started on this exercise trying to boot from a USB3 drive set up as encrypted using Disk Utility, exactly as you did. I blamed the encryption, then discovered that an unencrypted USB3 drive was also invisible to the boot ROM.

     

    Once I got the idea of connecting my drive via a USB2 hub, both encrypted and unencrypted USB3 drives showed up in the Option Restart screen, could be selected, and would boot. With an encrypted drive, a dialog popped up asking for the password, and then everything went normally.

     

    It's clear that for my vintage of Mac the boot ROM was forgotten when USB3 support was being implemented. I suspect that a year later they tried to add USB3 to the ROM but only did half the job, forgetting the possibility that the drive might be encrypted.

     

    If you have access to a USB2 hub, or to a USB2 cable that will plug into your encrypted USB3 drive, please try an option/restart in USB2 mode. I predict that the drive will show up as bootable, and that you will be able to enter your password and boot from the drive.

     

    It would be really disappointing if your newer boot ROM has lost the ability to boot from an encrypted drive, even in USB2 mode.

     

    The fact that there are Macbook models in the field that do have USB3 support (even if it is incomplete) improves the odds that they would be able to add that support to my vintage of Mac without a lot of effort. Let's keep this topic hot in the discussion forums in the hope that fixed boot ROM images will be released for all USB3 Macs.

     

    I have not had any response yet to my formal bug report filed with Apple. I'll let you know their reaction when it comes.

  • Adam Wildavsky Level 1 (0 points)

    I do have a USB 2.0 hub. I no longer have an encrypted backup volume, but I can create one. I'll try and let you know what happens. It may take me a few weeks to get to it.

     

    Thanks again!

  • Al Q Level 1 (105 points)

    Great.

     

    One thing Apple asked me to do, to rule out any problem with "third party software", was to create a fresh 10.9.2 installation on a USB external drive. I did that, following Apple instructions (http://support.apple.com/kb/HT5911), and verified that it could not be selected when connected as USB3, but was fine connected via USB2.

     

    That system was about 13 GB. So it should fit nicely on a 16 GB USB3 memory stick. If you happen to have one of those around it might be interesting to format it encrypted, then install Mavericks on it (taking great care to select it in the installer, not your internal drive). That would provide an absolutely unbreakable test case for what your particular boot ROM does with USB3/USB2 and encryption, without requiring you to reformat an external drive that you are probably using for something else now.

     

    This is NOT in any way a negative comment on Super Duper! In my opinion it is rock solid, and Dave Nanian's support for it is unbeatable. It's just a way to make it 100% Apple's own problem with no chance to point fingers.

  • Adam Wildavsky Level 1 (0 points)

    I like that idea. I'll try it and let you know what happens. I just ordered a 16 GB USB3 stick.
