Shirt Pocket Discussions

wildthing 04-03-2021 08:29 AM

Simple way to make encrypted backup of data volume only
 
Hi, is there a simple way to make encrypted backup of my data on macOS 10.15 Catalina, that does not involve booting from the target disk and enabling FileVault?

As you know the old method of erasing the target disk, formatting as APFS (encrypted), and writing to the empty target disk using Smart Update no longer works in Catalina.

I tried using the recommended solution of making an unencrypted backup, booting from the backup, and enabling FileVault - but it didn't work. I was able to boot from the backup successfully, but the computer was so slow that it was virtually impossible to use... sometimes taking over a minute to respond. Dialogs popped up with a FileVault icon saying that various apps were being verified, for example:
Verifying "1Password.app"...
I tried enabling FileVault and eventually got the following error - possibly due to timeouts and the like:
FileVault Failed
An internal error has occurred.
I Force Quit System Preferences.app and started it again but got this error:
Preferences Error
Could not load Security & Privacy preference pane.
By the end of this process my blood pressure was in the danger zone and I was ready to throw my laptop out of the window!

Now I've reached the point where I don't care if my backups are bootable or not[*]. I also don't care if my backups only include user data, and not system data (if I had to do a restore, I'd be fine with spending a weekend re-installing everything, since I could do with making a fresh start anyway).

So I'm looking for a quick and easy way to back up MY DATA ONLY that is ENCRYPTED. Preferably something that is forwards-compatible with Big Sur so I don't have to revise my backup procedure yet again in the near future. If it includes both system and data volume, that would also be fine - as long as I don't need to boot from the backup and enable FileVault.

[*] I understand bootable backups won't be available in Big Sur on Apple Silicon anyway, so I might as well get used to it now.

P.S. Your website seems to be available in two domains (shirtpocket.com and shirt-pocket.com) and neither redirects to the other, so it's not clear which one is canonical. When I log in to shirtpocket.com I get the following error:
Invalid Redirect URL (https://shirtpocket.com/forums/)

dnanian 04-03-2021 01:43 PM

There isn't at present, no (although you may be able to use the Big Sur steps explained at the blog). Do you have an external HDD or SSD? An SSD is significantly faster.

Also, booting from the drive a second time will likely make it fast enough to enable FileVault - the first time the system is doing a ton of work to re-validate signatures, update Spotlight and the like. It's very slow on an HDD...

wildthing 04-03-2021 02:40 PM

Thanks for your reply.

I have a number of HDDs for backing up multiple Macs which I rotate - replacing them all with SSDs would be expensive.

OK, I'll try using v3.2.5 to back up just the data volume to an encrypted but empty destination drive, and see if that works.

After giving it some thought, and contrary to what I said in my original post, I think my ideal backup process would probably include both system and data volume, to give at least the option of restoring the system without re-installing everything. But it would still be encrypted, and would not require booting from the backup and enabling FileVault. And I'm still fine with it not being bootable.

Do you think this might be possible in future versions of SuperDuper with macOS 11+ on Apple Silicon?

wildthing 04-03-2021 02:46 PM

I should also add that I store my backups in off-site locations which I consider to be less secure than my home.

For this reason, I want my encrypted backups to be protected using a long and random passphrase, stored in my password manager, which is orders of magnitude stronger than the macOS account password(s) at the OS level.

This is especially the case as I share some of my Macs with other members of my family who need their macOS account password to be considerably weaker than mine.

The old method of making encrypted backups allowed me to do this. I could make backups that could *not* be unlocked using any of the macOS account passwords. You needed to enter the long and random passphrase first.

Is this capability gone for good in the brave new world?

dnanian 04-03-2021 04:50 PM

Yes, this capability is gone for good.

dnanian 04-03-2021 04:52 PM

Let me rephrase - the ability to use a different form of encryption, other than FileVault, for a bootable backup seems to be gone for good.

wildthing 04-03-2021 04:58 PM

What if you don't need it to be bootable?

I know that bootable backups are gone for good. I'm over that now :-)

dnanian 04-03-2021 09:08 PM

No, bootable backups are not necessarily gone for good. But copying to an encrypted volume, if both system and data volumes are included, looks to be.

wildthing 04-04-2021 05:46 AM

OK but what about data volume only? That is the next-best thing for me.

Last night I was successfully able to use SuperDuper v3.2.5 to copy ONLY my data volume to a pre-encrypted destination drive.

Following this, my backup is encrypted with a strong passphrase, and cannot be unlocked with any of the macOS account passwords. This is the number one requirement for me. Backing up the system volume is a nice-to-have, but not essential.

But in order to do this, I had to use an old version of SuperDuper.

Is there any chance you could bring back this "feature"[*] in future versions of SuperDuper?

[*] I believe it wasn't an intentional feature... but it's a feature to me!

dnanian 04-04-2021 08:09 AM

We'll see... but you can use v3.2.5, which is fine for this case.

wildthing 04-04-2021 12:21 PM

Great, thanks.

Please consider this a feature request to restore the v3.2.5 functionality in future versions of SuperDuper.

In the meantime, I'll continue using v3.2.5. But that clearly ain't gonna work forever.

:cool:


All times are GMT -4.