Backing Up OS X with Mirrored Encrypted RAID

BombComputing technology is insanely reliable when you look at statistical error rates. Hard drives read and write trillions of bits while rarely producing a reportable error. But when you want some data to live forever (like family photos or critical business records), even an occasional error is a problem.

I’ve been using OS X and Time Machine for at least a decade now. I rely on RAID 1 “mirrored” backups. In other words, my Time Machine storage contains 2 separate hard drives. Everything is written to both of them. If one fails, I replace it with a new one, and rebuild from the good drive.

I also like to encrypt my hard drives. OS X provides convenient and capable hard drive encryption, but it doesn’t play well with the OS X RAID service. I’ve found it best to use an external RAID enclosure which handles the mirroring. I let OS X handle the crypto.

I used to rely on OS X to do both the encryption and the RAID. There are ways to set this up using shell commands to the OS X Disk Utility. Then I upgraded from an aluminum Mac Pro tower to an iMac, and moved my Time Machine drives to an external RAID enclosure.

Then I outgrew the enclosure.

How not to do backups

I bought a cheap external drive housing to handle a larger hard drive. I connected the old enclosure (with a pair of disks simulating a larger one) and the new housing. I had to go back to OS X RAID to do the mirroring. I then found an updated set of directions to configure both RAID and encryption on the same OS X volume. This worked, but not completely.

The hard drive died in my iMac. This was a known problem that Apple fixed for free. The guys in the Apple Store were astonished that I had a backup – an old guy with an easy to use computer, carried in wrapped in a dog bed. It took them a couple days to put a new, but erased, hard drive.

OS X makes it very easy to restore an erased hard drive, especially if you use Time Machine. You plug the drive into the repaired – though empty – computer, and type Command-R as you restart the computer. This starts OS X Recovery, which gives you several choices for recovering a disabled computer. I selected “Restore from Time Machine.”

This is where the RAID + crypto caused trouble. The recovery software prompted me for my encryption passphrase. I supplied it. Then it asked again. And again.

I used another Mac to confirm that I’d remembered the correct passphrase.

To recover, I had to decrypt the encrypted drive and then use it in OS X Recovery. It seems that the OS X Recovery software can’t handle the same complexity as the full OS. Even though there’s a way to make the OS combine RAID and encryption, the Recovery software isn’t sophisticated to keep up with is.


After I decrypted the encrypted backup and restored the computer, I bought myself a brand-new RAID enclosure. The new one handles the largest drives I can get and will automatically mirror the backups. I tell OS X to encrypt the backup, and everything works fine.