So you got your brand new flashing MacBook and want to have your home directory encrypted with the oh-so-easy FileVault? The bad news is that TimeMachine backups of your home directory will become uncomfortable, to say the least. They will only be done upon logoff (not hourly!), and they’ll hog a lot of space because major parts of the encrypted sparse bundle will have to be backed up every time (even small changes lead to a large number of ‘bands’ in the sparse bundle being changed).
But there’s a solution. I couldn’t find it anywhere on the web, but some quick questions on the Apple Support Forums helped me find the answer.
First, you’ll want Time Machine to exclude the encrypted version of your home directory. You can either log in as a different user and then add /Users/username/username.sparsebundle to your exclusion list. But if you don’t want to create a second user on your Mac, you can also edit /Library/Preferences/com.apple.TimeMachine.plist directly. You’ll have to do so in part two of this guide anyway. You’ll notice that this file is stored as a ‘binary plist’, e.g. you can’t read it. But Bare Bones’ TextWrangler can. When editing the plist with the appropriate tool, you’ll find an entry called <key>SkipPaths</key>. Make sure that it contains an entry like this:
<key>SkipPaths</key> <array> <string>/Users/username/username.sparsebundle</string> </array>
<key>SkipPaths</key><
You may also want to remove your existing backups of the encrypted home directory. To get rid of them, start Time Machine, navigate to any version of /Users/username/username.sparsebundle, alternate-click it, and select ‘remove from Backups’.
Step two. Snow Leopard excluded mounted volumes by default, but we want it to include your mounted home directory volume. To do so, we’ll need to dig a bit further into the matter. You can explicitly tell it to include volumes by adding entries to the Time Machine plist like this:
<key>IncludedVolumeUUIDs</key> <array> <string>B59D3B0B-...</string> </array> <key>IncludedVolumes</key> <array> <data> AAAAAAKIAAIAAQZkYW5pZWwAAAAAAAAAAAAAAAAAAAAAAAAAAADHOwPSSCsA
... </data> </array>
So we’ll have to find out your home directory volume’s UUID and its garbled base64 ID. The UUID part is easy. In a terminal, type
$ diskutil info /Users/username
and search for an entry called ‘Volume UUID’. To get the second, base64-encoded ID, do the following:
- Open a Finder window.
- Drag your home directory into the Finder’s toolbar.
- Close the Finder window.
- Open ~/Library/Preferences/com.apple.Finder.plist, and search for a section called TB Item Plists. Look for an entry that contains the path to your home directory and copy the <data> part of the CFURLAliasData section as the Volume ID.
Now insert those two IDs into your com.apple.TimeMachine.plist and reboot. Your home directory should be backed up unencrypted in the future. You’ll find it on the top level of your backups, next to ‘Macintosh HD’. Make sure it’s there, of course.
You can find the original thread on the Apple support forums here. I did write about a different approach before, but it’s not Time Machine and I couldn’t get Carbon Copy Cloner to automatically mount my network share.