Time Machine: Enable encryption on a locally connected disk without deleting the existing content of said disk?
Solution 1:
According to Apple's support documentation, you need to remove the disk and re-add it as an encrypted disk:
- Choose Apple menu > System Preferences, then click Time Machine.
- Click Select Disk or Add or Remove Backup Disk (if you have multiple backup disks).
- Select your backup disk, then click Remove Disk.
- Set up the disk again as an encrypted backup disk.
Solution 2:
Time Machine uses a disk image if you are backing up over the network (e.g. to a file server, Time Capsule, or something like that); if you opt to encrypt these backups, it uses an encrypted disk image. If you are backing up to a directly connected volume (e.g. FireWire), it just stores the backup files in a folder (backups.backupdb) on the volume; if you opt to encrypt these backups, it encrypts the entire volume (by formatting it in the Mac OS Extended (journaled, encrypted) format).
This means that if you want an encrypted (direct-connect type) backup, you need to encrypt not just the backup, but anything else on the backup volume. If you want some of the disk to store unencrypted files, you'd need to partition it into two volumes (and encrypt just one of them).
The good news is that it should be possible to convert the existing volume to the encrypted variant of Mac OS Extended without deleting its contents. This should leave your backup history intact. To do this, secondary-click (right-click or Control-click) on the backup volume's icon in the Finder, and choose 'Encrypt "<volumename>" from the shortcut menu. It'll prompt for a password and hint, then begin converting the volume over to encrypted format. The volume will still be usable during the conversion, except for a short period when it's unmounted and then remounted in the new format. You can even unmount, shut down, sleep, etc as it encrypts, but all of these will pause the encryption process (until you remount/restart and mount/wake/whatever) and your data is not fully protected until the encryption process has finished.
Warning: I haven't tested this very extensively. I did a quick test on a spare computer, and after conversion it recognized the entire backup history & seamlessly added new snapshots to the backup. But there's a possibility it might not always work, so I can't make any promises.