Create encrypted partition for Time Machine from command line using diskutil or gpt, instead of Disk Utility?
-
26-05-2021 - |
Question
I can use Disk Utility to create an encrypted partition, intended for Time Machine backups. I would choose the Mac OS X Extended (Journaled, Encrypted) format.
However is there also away to achieve the same from the command line, using the diskutil
or gpt
command, or something else perhaps?
I know how to manually create partitions with either, I just don't know how to get the exact combination of Mac OS X Extended (Journaled, Encrypted) as the Disk Utility App does.
Solution
Below (in the steps 1-5) I assume you already formatted some device as JHFS+ volume with an arbitrary name (in my example I use TMBackup). If you have an unformatted/unpartitioned disk, you have to partition & format it to JHFS+ first:
$: diskutil list
$: diskutil partitionDisk diskX GPT jhfs+ Name 0
or (if the disk is already GPT-partitioned with one volume):
$: diskutil eraseDisk JHFS+ Name /dev/diskXsY
The content of diskX(sY) will be deleted.
Get the devices list:
$: diskutil list
Example:
... /dev/disk1 (internal, physical): #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *1.1 TB disk1 1: EFI EFI 209.7 MB disk1s1 2: Apple_HFS TMBackup 1.1 TB disk1s2
Choose the future backup drive partition and convert it to CoreStorage:
$: diskutil cs convert diskXsY
Example result:
$: diskutil cs convert disk1s2 Started CoreStorage operation on disk1s2 TMBackup Resizing disk to fit Core Storage headers Creating Core Storage Logical Volume Group Reviewing boot support loaders Attempting to unmount disk1s2 Switching disk1s2 to Core Storage Waiting for Logical Volume to appear Mounting Logical Volume Core Storage LVG UUID: 586B5316-C702-4704-B8B9-D5F063AB1F84 Core Storage PV UUID: 17373D1A-FCBD-4915-8699-3DA174B59BB7 Core Storage LV UUID: AE765219-2012-4876-91DD-FE128DC8CA6C Core Storage disk: disk3 Finished CoreStorage operation on disk1s2 TMBackup
Encrypt the logical volume (LV)
$: diskutil cs encryptVolume $UUID(LV)
Example:
$: diskutil cs encryptVolume AE765219-2012-4876-91DD-FE128DC8CA6C New passphrase for existing volume: Confirm new passphrase: The Core Storage Logical Volume UUID is AE765219-2012-4876-91DD-FE128DC8CA6C Started CoreStorage operation on disk3 TMBackup Reviewing boot support loaders Scheduling encryption of Core Storage Logical Volume Core Storage LV UUID: AE765219-2012-4876-91DD-FE128DC8CA6C Finished CoreStorage operation on disk3 TMBackup
Set destination device for Time Machine backups:
$: sudo tmutil setdestination mountpoint
Example:
$: sudo tmutil setdestination /Volumes/TMBackup
Enable Time Machine
$: sudo tmutil enable