I don't really like TrueCrypt. But it's the quasi-standard to encrypt (external) storage which is to be attached to different operating systems. Yes, its license is kinda fishy; OSI approval has been withdrawn too. But after all, TrueCrypt is available for Windows, MacOS X and GNU/Linux (x86). And lacking the skillz to write my own halfway-portable encryption wrapper myself, I'm stuck with it. That being said, there's still the quest for the optimal filesystem: I'd need a POSIX-like filesystem, providing symlinks, honoring ownerships and permissions and perhaps with journaling on top. And I need read and write support.
FAT - not a chance
NTFS - crappy symlink implementation, no (stable) MacOS driver
UFS - it's dead, Jim. Also: no stable write support in the Linux kernel.
ZFS - almost! It's even included in MacOS 10.5, but only as a read-only version. There's a ZFS project on macosforge.org, but it lists MacOS 10.5 as a requirement and I'm still on 10.4 on my PowerBook :-\
HFS+ - well, that's it I guess. Comes with all the features required, write support under Linux is pretty stable, not sure about journaling support under Linux though.
Anyway, the real question was: how do I convince TrueCrypt to format my new volume as HFS+, but with journal, case-sensitivity and enabled ownerships?
Here it is:
Create a new volume in TrueCrypt, just choose "none" when it wants to format your volume. Actually, it does not matter, as we're gonna reformat anyway.
Use TrueCrypt to "mount" the volume, but before doing that click "Options" in the mount dialog and check "do not mount" - the wording is kinda sucky, yes.
Now TrueCrypt should have activated your volume, but not mounted. We'll now format (and partition) our activated device:
    $ diskutil list disk6
    /dev/disk6
    #: TYPE NAME SIZE IDENTIFIER
    0: disk6 *931.2 Gi disk6

    $ diskutil partitionDisk disk6 1 GPTFormat "Case-sensitive Journaled HFS+" disk6 100%
    Started partitioning on disk disk6 disk6
    Creating partition map
    Formatting disk6s2 as Mac OS Extended (Case-sensitive, Journaled) with name disk6
    [ + 0%..10%..20%..30%..40%..50%..60%..70%..80%..90%..100% ]
    Finished partitioning on disk disk6
    /dev/disk6
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *931.2 Gi disk6
    1: EFI 200.0 Mi disk6s1
    2: Apple_HFS disk6 930.9 Gi disk6s2

    $ diskutil rename /dev/disk6s2 disk6s2

    $ diskutil list disk6
    /dev/disk6
    #: TYPE NAME SIZE IDENTIFIER
    0: GUID_partition_scheme *931.2 Gi disk6
    1: EFI 200.0 Mi disk6s1
    2: Apple_HFS disk6s2 930.9 Gi disk6s2

We can now deactivate the device with TrueCrypt ("unmount") and mount it again - this time for real. We still have to enable the ownership model though:
    $ vsdbutil -c /Volumes/disk6s2
    No entry found for '/Volumes/disk6s2'.

    $ vsdbutil -a /Volumes/disk6s2

    $ vsdbutil -c /Volumes/disk6s2
    Permissions on '/Volumes/disk6s2' are enabled.

    $ diskutil info disk6s2
    [...]
    Device Identifier: disk6s2
    Device Node: /dev/disk6s2
    Mount Point: /Volumes/disk6s2
    File System: Case-sensitive Journaled HFS+
    Journal size 81920 KB at offset 0x1d19000
    Owners: Enabled
    Partition Type: Apple_HFS

Now we can really start using it. I still wonder why TrueCrypt (or MacOS X) defaults to case-insensitivity and does not enable the ownership model by itself.
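To check all three properties in one step after remounting, here is an added example (not part of the original post) that parses diskutil info output and reports anything missing. The function name check_volume_info is hypothetical; the first sample reuses the values shown in the post, the second is constructed.

```shell
#!/bin/sh
# Added example (not from the post): verify `diskutil info` text for the three
# properties the post asks for. check_volume_info is a hypothetical helper name.
# On the Mac: diskutil info disk6s2 | check_volume_info

check_volume_info() {
    # Reads `diskutil info` output on stdin, prints one line per missing
    # property and returns the number of missing properties (0 = all good).
    info=$(cat)
    fs=$(printf '%s\n' "$info" | sed -n 's/^[[:space:]]*File System:[[:space:]]*//p' | head -n 1)
    owners=$(printf '%s\n' "$info" | sed -n 's/^[[:space:]]*Owners:[[:space:]]*//p' | head -n 1)
    missing=0
    case "$fs" in
        *Case-sensitive*) ;;
        *) echo "not case-sensitive (File System: '$fs')"; missing=$((missing + 1)) ;;
    esac
    case "$fs" in
        *Journaled*) ;;
        *) echo "no journal (File System: '$fs')"; missing=$((missing + 1)) ;;
    esac
    # With owners disabled, macOS ignores file ownership on the volume.
    case "$owners" in
        Enabled*) ;;
        *) echo "ownership not enabled (Owners: '$owners')"; missing=$((missing + 1)) ;;
    esac
    return "$missing"
}

# Values as shown in the post's `diskutil info disk6s2` output.
SAMPLE_FROM_POST='   Device Identifier: disk6s2
   File System: Case-sensitive Journaled HFS+
   Owners: Enabled'

# Constructed sample: case-insensitive file system with owners disabled.
SAMPLE_CONSTRUCTED='   Device Identifier: disk6s2
   File System: Journaled HFS+
   Owners: Disabled'

printf '%s\n' "$SAMPLE_FROM_POST" | check_volume_info && echo "volume OK"
printf '%s\n' "$SAMPLE_CONSTRUCTED" | check_volume_info || echo "missing properties: $?"
```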