Go Back   The macosxhints Forums > OS X Help Requests > System



Reply
 
Thread Tools Rate Thread Display Modes
Old 04-05-2012, 11:47 AM   #1
acme
MVP
 
Join Date: Jan 2009
Posts: 2,066
2 Boot partitions: can I hide one?

I have a mac book pro, sometimes take into client/work scene. One client I do work for I have on one partition...a bootable partition...I want to make sure that nobody can peek or pry when I am booted into the other partition...client confidentiality, etc.

is there a way I can make the non-booted non visible/non viewable to any prying eyes while booted into the other one?

thank you!

a
acme is offline   Reply With Quote
Old 04-05-2012, 12:17 PM   #2
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,784
You can prevent partitions from mounting when connected (if external) or when booting (on the internal drive or if external and connected). But this isn't total security since the unmounted volume could always be mounted using something like Disk Utility. I have numerous drives with numerous volumes, so I do this for non-security reasons. Setup takes just a few minutes.
  1. In the Finder, use the Go menu to select Go To Folder.
  2. In the dialog, enter /private/etc then press Go.
  3. Find the fstab file and copy it to somewhere else on your Mac.
  4. Open Disk Utility and select the volume you want to keep from mounting.
  5. Press the Info button or Command-I and copy the Universal Unique Identifier (UUID). It's a long string of letters and numbers.
  6. Quit Disk Utility, then open the fstab file with a text editor like TextEdit or TextWrangler.
  7. Paste the following into the file, replacing the UUID information you copied from Disk Utility.
    Code:
    # Identifier, mount point, fs type, options, dump order, check order
    UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX none hfs rw,noauto 0 0
  8. Save the file, then replace the existing fstab file in /private/etc, at which point you'll have to enter your administrator password. Once you restart, the volume should not mount.

There are multiple ways you can mount this volume when you do want it. One, obviously, would be to go into Disk Utility and mount it there. There are (at least) two free utilities for mounting/unmounting volumes, Semulov and MountnuoM. If you'd prefer an AppleScript-based method because you already use a script launcher, that's easy, too. Simply use this script, replacing your volume name as necessary.

Code:
set theDisk to "Volume Name"
do shell script "diskutil mount `diskutil list | awk '/ " & theDisk & " / {print $NF}'`"
NaOH is online now   Reply With Quote
Old 04-05-2012, 12:29 PM   #3
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,784
Quote:
Originally Posted by NaOH
You can prevent partitions from mounting when connected (if external) or when booting (on the internal drive or if external and connected).

I should add that if the volume to be hidden is a bootable volume with 10.7, you may want to consider the full-disk encryption option. With that enabled, someone can't mount the hidden volume without knowing the password. Personally, I think it's a good idea with any computer which has sensitive data and is exposed to any reasonable risk. Encryption seems to be one of those topics which divides people, so maybe others will explain why they don't feel comfortable using it.

If you want to enable this, you'll need to boot from that volume, go to System Preferences > Security & Privacy, then use the FileVault tab to enable it. The process takes a little while, and that varies depending upon how much data is on the volume. My vague memory is that for me it took about 30-45 minutes for 40 GB or so.
NaOH is online now   Reply With Quote
Old 04-05-2012, 03:09 PM   #4
trevor
Moderator
 
Join Date: Jun 2003
Location: Boulder, CO USA
Posts: 19,804
If you have a MacBook Pro model that has a Core i3, Core i5, or Core i7 processor, the whole-disk version of Filevault encryption in Lion shouldn't slow you down in any noticeable way.

Trevor
trevor is offline   Reply With Quote
Old 04-05-2012, 05:28 PM   #5
acme
MVP
 
Join Date: Jan 2009
Posts: 2,066
thank you for that meaty description of the procedure, NaOH.

trevor: mine is a 2010 13" MBPro, so core duo..would FileVault not work for my purpose on this machine?

thank you!

a
acme is offline   Reply With Quote
Old 04-05-2012, 05:41 PM   #6
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,784
Quote:
Originally Posted by acme
trevor: mine is a 2010 13" MBPro, so core duo..would FileVault not work for my purpose on this machine?

Unless you've got the year listed incorrectly, that machine is at least a Core 2 Duo. You absolutely can use FileVault with that processor (or any Lion-capable Mac). Trevor's point is just that you may see slight speed hits on more intensive computing activities, things like booting, launching bulky applications (Creative Suite, for example), or doing processor-intensive activities like image and video work. There's probably a hit for simple things, too, but I doubt it's noticeable for the tasks that always go very quickly.

I use FileVault with a significantly older computer than yours. Admittedly, I run off an SSD, so that helps a bit. But if there's a speed hit, it's not one I'm really noticing. And you can always disable FileVault if you find it's slowing you down too much. For my tastes, it would have to be a pretty significant hit for the tradeoff in lower security.
NaOH is online now   Reply With Quote
Old 04-05-2012, 05:43 PM   #7
trevor
Moderator
 
Join Date: Jun 2003
Location: Boulder, CO USA
Posts: 19,804
No, it will work, there's no question about that. But as you're using the Core 2 Duo processor, I would personally do some benchmarks to compare how long various things take you with and without an encrypted drive. The Core i3, i5, and i7 processors have additional AES encryption instructions built-in to the processor, and reportedly Lion's implementation of Filevault for whole-disk encryption use those AES instructions very well--benchmarks on those processors show only a tiny slow-down, not enough to worry about.

I've not seen benchmarks of Lion's FileVault done on a Core 2 Duo Mac, so it's currently not known (well, not known by me anyway) how much Lion's FileVault slows down the computer in that circumstance.

Trevor
trevor is offline   Reply With Quote
Old 04-05-2012, 05:45 PM   #8
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,784
At least one site has done FileVault benchmarks. I'm no whiz at evaluating those reports, so I'll leave any commentary to those who know more.
NaOH is online now   Reply With Quote
Old 04-05-2012, 05:50 PM   #9
trevor
Moderator
 
Join Date: Jun 2003
Location: Boulder, CO USA
Posts: 19,804
Yes, thanks for the link. I'll just say, though, that XBench is a lousy benchmark program, I wouldn't trust it's numbers as meaning anything at all.

Using XBench (which means I don't value these results at all), it is reported that there is a performance hit on a Core 2 Duo machine:

Quote:
Originally Posted by Jay
My personal take from the numbers is that Lion FileVault comes at a large performance hit on Core 2 Duo machines w/Toshiba drives; a performance hit that I would personally find unacceptable. Inversely, the performance hit on a Core i7 machine w/Samsung drive is 3x less drastic, and thus, for me, well worth it.

Trevor

Last edited by trevor; 04-05-2012 at 05:55 PM.
trevor is offline   Reply With Quote
Old 04-05-2012, 09:20 PM   #10
acme
MVP
 
Join Date: Jan 2009
Posts: 2,066
Quote:
Originally Posted by NaOH
I should add that if the volume to be hidden is a bootable volume with 10.7, you may want to consider the full-disk encryption option.

NaOH..I wanted to re-visit this..just caught that you said "with 10.7."

The volume I'd want hidden will have to be 10.5, because the software I'm using for that client won't work with anything higher.

You're saying for your method to work, the volume I want to hide must be a 10.7 volume?

thank you,

a
acme is offline   Reply With Quote
Old 04-05-2012, 09:30 PM   #11
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,784
Quote:
Originally Posted by acme
You're saying for your method to work, the volume I want to hide must be a 10.7 volume?

You absolutely can use the disk-hiding method I described on a 10.5 system, but I don't believe a password will be necessary to mount that volume (perhaps I'm wrong about that last part since I'm not speaking from experience). 10.7 is only necessary for full-disk encryption (FileVault 2). Pre-Lion systems also have FileVault (v. 1), but it only encrypts the home folder. I never used FileVault 1 because it was reported to have some quirkiness, and that just didn't seem worthwhile to me since it wasn't even full-disk protection.
NaOH is online now   Reply With Quote
Old 04-05-2012, 09:33 PM   #12
acme
MVP
 
Join Date: Jan 2009
Posts: 2,066
Thank you, NaOH.

a
acme is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -5. The time now is 07:38 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.