Improvements to LBackup FileVault Integration
About
This page contains information for LBackup developers on simplifying the backup of Mac OS X FileVault users. Please note that the information on this page refers to FileVault version one, which is found in Mac OS X 10.6.x and Mac OS X 10.5.x. Newer versions of Mac OS X offer full disk encryption called FileVault 2.
Current Recommendation
Re-Encrypt files to a new sparse image/bundle.
Current Investigation
The current approach is to create a separate directory which will contain links to standard users and also to sparse bundle images of users who have FileVault enabled.
Issues Requiring Attention
Dealing with the Movement of Sparse Images/Bundles within the FileSystem
- KISS (simple pre-backup script written specifically) / Full Integration and support for FileVault
- Implementing a solid, simple solution is the obvious choice. However, there are issues which must be resolved before this will be possible. No one wants to write or maintain machine-specific scripts. It is possible to ignore files beginning with a period and also the specific path to the user's sparse image when logged out.
- How to handle links in this hierarchy while a backup is in progress and a user is logging in or out.
- A client-side command will need to be added to the LBackup wrapper if we are building a pseudo Users directory.
- It will also be necessary to monitor the system for FileVault user logins and logouts. This task may be best dealt with by a daemon.
• Implementation of the linking system has begun. Development of the user login/logout checking system has not begun yet.
Backup of the Sparse Image Directly While Mounted
- Is backing up a sparse bundle image while it is mounted, mounting or un-mounting going to cause issues?
Links supporting the backup of the sparse image while mounted
Links rejecting the backup of the sparse image while mounted
Possible Solutions
Murphy's Law states that something is going to go wrong during a backup. Therefore, LBackup needs to detect these errors, recover from them and report them to the backup administrator. If you find an error which is not currently detected by LBackup, please report the error.
Error Detection Methods
- Verification of the FileVault sparse bundle.
- Mount the Image
- Run the hdiutil verify command
- Verification of all backed up sparse bundles and images.
- Takes longer, but may catch potential problems before they escalate.
Other Useful Links
- Fixing a broken FileVault (upgrade from 10.4 to 10.5)
Conclusions
It should be possible to come up with an elegant solution to these issues. However, currently the biggest issue is dealing with the links during login and logout. Because a sparse bundle image is actually a directory, we cannot hard link against it. Instead, another system will need to be implemented, even if this is a launch daemon, which checks for login or logout and fixes the links.
Probably the best idea is to back up only when the image is mounted or when it is not mounted, never while it is mounting or un-mounting, and once an option is selected to stick with it. More testing will reveal any other ways to perform the backup.
It may be a good idea to begin looking at ways to detect login and logout while the backup is running on client machines. This way more control may be offered in the configuration system regarding keeping the backup going when logged in, or pausing the backup of a user home directory until logout, with reporting to the administrator regarding the delays to the backup.
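One way a pre-backup check could enforce the "mounted or not mounted, never during" rule, as an added example that is not LBackup code. It assumes the text layout printed by `hdiutil info` (an `image-path` line followed by tab-separated device rows whose third column is the mount point); the function names, the user `alice` and all paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not LBackup code. Reads `hdiutil info` text on stdin and
# prints the state of one disk image: mounted, detached or transition.
image_state() {
    awk -F '\t' -v img="$1" '
        /^image-path/ {                   # start of one attached-image record
            p = $0
            sub(/^image-path[ ]*:[ ]*/, "", p)
            cur = (p == img)
            if (cur) attached = 1         # the image we track is attached
            next
        }
        cur && /^\/dev\// {               # device rows belonging to that image
            if ($3 != "") mounted = 1     # third column holds the mount point
        }
        END {
            if (mounted)       print "mounted"
            else if (attached) print "transition"  # attached, nothing mounted
            else               print "detached"
        }'
}

# backup_allowed MODE IMAGE: succeed only when the image is in the single
# state the administrator selected (MODE is "mounted" or "detached").
# A login or logout in progress shows up as "transition" and is refused.
backup_allowed() {
    state=$(image_state "$2")
    [ "$state" = "$1" ]
}

# Constructed sample input in the assumed `hdiutil info` layout.
# $1 is the mount point column; pass "" to imitate mounting/un-mounting.
sample_info() {
    printf '================================================\n'
    printf 'image-path      : /Users/.alice/alice.sparsebundle\n'
    printf '/dev/disk2\tGUID_partition_scheme\t\n'
    printf '/dev/disk2s2\tApple_HFS\t%s\n' "$1"
}

# On a client this would be fed by the real command, for example:
#   hdiutil info | backup_allowed mounted "$IMAGE" || echo "skip: $IMAGE"
```

Running the same check again when the backup finishes and comparing the two results gives a cheap signal that a login or logout happened mid-backup, which can then be reported to the administrator.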
Interested in Helping
If you are interested in working on the LBackup project please contact us. We look forward to your input.