Cloning a Filevault 2 boot device with Disk Utility.
I have an iMac desktop and a MacBook laptop. I use the second one when
travelling (which happens fairy often). At any time, only one or the other of
the two Macs is current and in use, but not both.
Until recently, I was using Filevault 1 to protect confidential data in the two
user accounts.
Before any travel and after it, I boot the Mac in use on a USB key that contains
the current installation kit. I use the Disk Utility on the USB key to clone the
system disk on an external one (which also gives me a useful bootable system
backup). Then I boot the other Mac on the USB key to clone the external backup
on its (the second Mac's) internal hard drive. Then I only have to rename the
system (strictly speaking, this isn't even necessary) and reload one or two
icenses to have my current system available and ready on the second Mac.
Recently, just before upgrading from Mountain Lion to Mavericks, I disabled
Filevault 1, in order to encrypt the disk with filevault 2 after the upgrade.
The upgrade to 10.9.2 went well and I then activated Filevault 2. The internal
hard drive was encrypted without any trouble and the resulting system ran OK.
So far, so good.
But, the first time after the upgrade when I had to transfer the system from the
desktop to the laptop for yet another trip, I saw that Disk Utility (after
unlocking the desktop boot drive) produced an unencrypted version of the system
disk...
Not only was this highly unwanted (in case the external disk would be stolen, it
is unencrypted), but it also forced me to reactivate Filevault 2 on the laptop
after transferring the current system on it. This took time and, what's even
more undesirable, it defined a new different encryption key, that I needed to
store in place of the previous one, with a serious risk of confusion between
various versions of the key.
I don't wish to have to manually encrypt my bootable backups: producing them is
already time consuming enough. I don't even know if, after encryption, they'll
still be bootable (a very highly desirable feature). And I don't wish to have to
store a new version of the encryption key each time I have to switch from the
desktop to the laptop or vice-versa either.
So the question is: is there a way for the Disk Utility to clone a Filevault 2
encrypted system disk while preserving its encryption (meaning: keeping the same
passwords and encryption key to unlock the encrypted resulting device)?
Regards,
Denis MAILLARD.