Using Carbon Copy Cloner 4 to create encrypted bootable HFS+ clones from APFS source
Background
According to the Carbon Copy Cloner documentation CCC4 cannot clone the Recovery HD from an APFS source to an HFS+ target:
Note: CCC v4 requires an HFS+ formatted source for creating Recovery HD volumes on HFS+ formatted destination volumes. If your source volume is formatted APFS, CCC v4 will not be able to create (or update) a recovery volume on the destination. CCC v5 adds support for APFS recovery volumes.
According to other CCC documentation, spinning platter target disks should be formatted as HFS+:
Starting in macOS High Sierra, both APFS and Mac OS Extended (Journaled) are acceptable formats for a backup of macOS 10.13. Mirroring Apple's recommendations, we recommend that you choose APFS if your destination device is a Flash storage-based device (e.g. an SSD) and will be used to back up 10.13 or higher. Choose Mac OS Extended (Journaled) if your destination device is a spinning-platter-based device (i.e. a hard disk drive, or HDD), or if you are backing up an operating system older than 10.13.
Anyone who's upgraded to High Sierra with an SSD internal disk knows that your startup disk was automatically updated from HFS+ to AFPS as part of that upgrade.
A Recovery HD on an external clone might not seem like that big of a deal: you could use a bootable USB thumb drive, or maybe Internet Recovery, if needed. However, FileVault requires a Recovery HD in order to encrypt the volume, according to Apple's support documentation:
Without a Recovery System, FileVault won't encrypt your startup drive. https://support.apple.com/en-us/HT204837
You don't need a recovery system to install and use macOS, but without it you can't use FileVault, set up a firmware password, or use Disk Utility to repair the disk. https://support.apple.com/en-us/HT201316
The Question
Given all of this, how can I create a bootable, encrypted clone of my APFS High Sierra source drive using Carbon Copy Cloner 4 (CCC4) and using external HFS+ disks?
Solution 1:
Here's what worked
- Download the High Sierra installer from the App Store.
- Run the installer, choosing the external clone disk as the target. This will automatically create a new Recovery HD partition associated with the target disk.
- Reboot from the external disk. Hold down
option
key during startup to select the boot disk. - Enable FileVault encryption as usual from the Security & Privacy panel in System Preferences.
Additional Notes
- You can reboot from your internal drive for better performance, after enabling FileVault on the external. The encryption task will continue as long as you're plugged into power and the external disk is connected.
- It may take several hours, or even days, before encryption is done, depending on the volume of data to be encrypted.
- You can view encryption task progress using the Terminal command
diskutil cs list
What didn't work
There are some articles posted about how to clone the internal disk Recovery HD volume to any other drive, but I didn't have success with them:
$ diskutil list
/dev/disk0 (internal, physical):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.3 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_APFS Container disk1 499.4 GB disk0s2
/dev/disk1 (synthesized):
#: TYPE NAME SIZE IDENTIFIER
0: APFS Container Scheme - +499.4 GB disk1
Physical Store disk0s2
1: APFS Volume Mac-HD 431.9 GB disk1s1
2: APFS Volume Preboot 22.9 MB disk1s2
3: APFS Volume Recovery 518.8 MB disk1s3
4: APFS Volume VM 2.1 GB disk1s4
$ sudo hdiutil create ~/Desktop/Recovery_HD.dmg -srcdevice /dev/disk1s3
hdiutil: create failed - No such file or directory
I didn't find any articles that specifically addressed the case where the source disk is APFS format.