5

We would like to encrypt the entire disk of a Snow Leopard workstation running some sensitive file, database and web services. PGP does not yet work for 10.6, and we cannot use FileVault as it is not compliant with FIPS and would require non-standard installation of services.

What whole-disk options are available that are known to work with Snow Leopard?

Alex Reynolds

5 Answers

1

It looks like the PGP WDE beta has opened. I'm beta testing it now and it appears to be working fine on Snow Leopard 10.6.2.

agoldfish
0

PGP Whole Disk Encryption (10.0.1) does now work on Snow Leopard (10.6.3), and it seems to work well. On my MacBook Pro, there is no noticeable reduction in overall system performance with PGP WDE, except that the boot process takes about 15 seconds longer than usual.

I can recommend PGP Whole Disk Encryption, but for email encryption I find PGP's commercial product a bit klunky (it's proxy-based so it doesn't integrate with Mail.app in any way). For PGP email, I use Thunderbird + its EnigMail PGP plugin, which seems smooth so far, even though it meant ditching Apple's Mail.app. Fortunately Thunderbird 3.0 is polished, and integrates with Address Book and Spotlight.

I would argue against using Apple's FileVault to provide filesystem security. Firstly of course it's less secure (it can't protect the operating system binaries and config files from tampering - it only protects your user files). Secondly I've tried FileVault on my home directory in the past, and it was noticeably slower at starting up and especially at shutting down. If you want encryption, I think it's faster and smoother to encrypt the filesystem rather than using an encrypted file container.

Martin
0

I can also confirm that the Checkpoint FDE solution is incompatible with Snow Leopard. So far they haven't got back to me with an estimated release date. PGP however are soliciting beta testers for their FDE update which will support 10.6.

agoldfish
0

I would say that encrypting the whole disk is probably going to increase overhead of the system. I would use Disk Utility to create a disk image that's password protected, and thus encrypted. Mount it as a startup item and then create symlinks in your filesystem to its mount point.

So if the disk image was called "Secret-Image" and it was for a postgres database then you would mount the image and make the symlink:

    ln -s /Volumes/Secret-Image /var/lib/pgsql

Jordan Eunson
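The disk-image layout in the answer above fails open: if the image is not mounted when the service starts, the symlink is dangling or resolves to an ordinary directory on the unencrypted boot disk. The following pre-start guard in POSIX sh is an added example, not part of the original answer; the function names are hypothetical and the paths in the usage comment are the ones from the answer.

```shell
#!/bin/sh
# Guard for the encrypted-disk-image layout: the data directory is a symlink
# into /Volumes/<image>, so a service must not start unless that target is
# the root of a mounted volume. Function names are hypothetical.

# resolve_dir PATH: print the physical directory PATH points to,
# following symlinks. Fails if PATH is dangling or not a directory.
resolve_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# mount_point_of DIR: print the mount point of the filesystem holding DIR.
# In `df -P` output the mount point starts at field 6 and may contain spaces.
mount_point_of() {
    df -P -- "$1" 2>/dev/null | awk 'NR == 2 {
        mp = $6
        for (i = 7; i <= NF; i++) mp = mp " " $i
        print mp
    }'
}

# is_mounted_volume LINK: succeed only if LINK resolves to a directory that
# is itself a mount point (the attached image), not a directory that merely
# lives on some other filesystem such as the boot disk.
is_mounted_volume() {
    target=$(resolve_dir "$1") || return 1
    [ -n "$target" ] || return 1
    [ "$(mount_point_of "$target")" = "$target" ]
}

# Usage in a service start script (data path taken from the answer above):
#   if ! is_mounted_volume /var/lib/pgsql; then
#       echo "encrypted image not mounted; refusing to start" >&2
#       exit 1
#   fi
```
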
-3

TrueCrypt is an option to keep an eye on, though like PGP, it does not yet work on Snow Leopard.

Craig Hume
  • At this point, TrueCrypt only does whole disk encryption on Windows, not Linux or any version of OS X (I'm not disagreeing, I'm just being more specific). –  Oct 17 '09 at 02:20