What is the difference if any between formatting your drive as Mac OS Extended (Journaled, Encrypted) and then installing OS X or installing OS X on an unencrypted disk and then activating File Vault 2? I always figured there was no real difference between the two but when I used the former method I was asked to enter a password, when I activated File Vault 2 on an unencrypted drive I was given an encryption key.
Mac OS X (10.7.1)
While you can encrypt additional external drives in the way you describe i.e. by formatting them as Mac OS X Extended (Journaled, Encrypted) I am not sure this will work for then making it a bootable drive. The normal process for making a bootable encrypted drive while it uses the same encryption algorithm also stores a list of user accounts authorised to boot and login to that drive, this information is stored in the Recovery HD partition I believe. I don't see how encrypting an external drive beforehand would add this information.
Therefore to do it 'properly' I think you will have to do it the official and slower way after installing OS X on to a drive. You can continue to use the machine while it is encrypting itself and you can reboot and shutdown partway through the encryption process and it will resume when you reboot.
Formatting as an encrypted volume and then installing OS X, i.e. using the encrypted drive as a boot volume worked for me. I'm going to try to deactivate File Vault 2 again tonight and check what the file system format is afterwards
I deactivated File Vault 2 and Disk Utility now claims my disk is Mac OS Extended (Journaled) with no encryption so basically I now have what I would have gotten if I had done the install the regular way to begin with. I suppose the lesson here is that you can install OS X Yosemite on a disk with a Mac OS Extended (Journaled, Encrypted) file system and the system will boot, you just end up with that a pesky "Encrypted Drive" icon on your login screen ind addition to the one for your user account and the one for the Guest User. You can either give the boot volume password there or log straight into your user account.
They are essentially the same thing. They're using the same encryption technology. FileVault 2 is essentially an encrypted disk that's your boot disk, that is unlocked by first pre-booting into EFI and having you enter the passphrase which unlocks the key. For another non-boot drive, it's encrypted the same way, but either you enter the password manually or it's retrieved from the keychain. The encryption on the disk though is identical.
My main concern was whether I would have to repeat the installation since I wasn't sure whether I had double encrypted the disk (although that seemed unlikely) but now Disk Utility is telling me this did not happen. When File Vault 2 is active I now only get my user's icon on the login screen. When I punch in the credentials and hit the login button in I get a process bar and it takes a few seconds before the desktop is rendered but perhaps that is normal on a File Vaulted system? It seems to me that a reinstall is not necessary.
Installing to encrypted drive vs. activating File Vault 2
