Working with FileVault Encryption

Printer-Friendly Version

CCC is fully qualified for use with FileVault-protected volumes (HFS+ and APFS). CCC offers some advice around enabling encryption in the Disk Center.

Enabling encryption on a volume that contains (or will contain) an installation of macOS

If your goal is to create a bootable, encrypted backup, use the following procedure:

  1. Follow CCC's documentation to properly format the destination volume. Do not format the volume as encrypted.
  2. Use CCC to back up your startup disk to the unencrypted destination volume.
  3. Click on the destination volume in CCC's Disk Center, then click the Recovery HD button to create a Recovery HD volume. Note: You must be logged in to an administrator account to perform this step. [This step is unnecessary if your destination is an APFS-formatted volume]
  4. Open the Startup Disk preference pane and restart your Mac from backup volume.
  5. Enable FileVault encryption in the Security & Privacy preference pane of the System Preferences application.
  6. Reboot your Mac (it will reboot from the backup volume).
  7. Open the Startup Disk preference pane and restart your Mac from your production startup volume.
  8. Configure CCC for regular backups to your encrypted backup volume.

Note: You do not have to wait for the conversion process to complete before using the backup disk. Additionally, you do not have to remain booted from the backup disk for the conversion process to complete. You can simply enable FileVault encryption, then immediately reboot from your primary startup disk and the conversion process will carry on in the background. Encryption will continue as long as the backup disk is attached. macOS doesn't offer a convenient method to see conversion progress, but you can type diskutil apfs list (or diskutil cs list if the applicable volume is HFS+ formatted) in the Terminal application to see conversion progress. Some users have found that conversion may not resume until you log in to an admin account while booted from your production startup volume, so try that if conversion appears to be stalled.

Enabling encryption on a volume that will not contain an installation of macOS

If your backup volume won't be a bootable backup of macOS, simply right-click on that volume in the Finder and choose the option to encrypt the volume. If your Mac is running macOS High Sierra or later, please note that macOS will convert an HFS+ formatted volume to APFS when you enable encryption in this manner.

Finder option

Related Documentation