В OS X Lion появился менеджер томов CoreStorage. Пока его возможности достаточно скромны. В дальнейшем же CoreStorage будет очень активно развиваться.

Я хочу создать на новом диске два зашифрованных логических раздела.

Диск пуст:

$ diskutil list
/dev/disk4
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                                                   *500.1 GB   disk4

Создаю Logical Volume Group. Синтаксис:

Usage:  diskutil coreStorage create lvgName
        MountPoint|DiskIdentifier|DeviceNode ...
Create a CoreStorage logical volume group from one more more disks.
The specified disks will become the initial set of PVs.
All existing data on the drive will be lost.
Ownership of the affected disk is required.
Example: diskutil coreStorage create MyLVG disk1

Команда:

$ diskutil corestorage create lvgCS disk4
Started CoreStorage operation
Unmounting disk4
Repartitioning disk4
Unmounting disk
Creating the partition map
Rediscovering disk4
Adding disk4s2 to Logical Volume Group
Creating Core Storage Logical Volume Group
Switching disk4s2 to Core Storage
Waiting for Logical Volume Group to appear
Discovered new Logical Volume Group "332FA822-E709-42BD-819F-38D846BBBFB2"
Core Storage LVG UUID: 332FA822-E709-42BD-819F-38D846BBBFB2
Finished CoreStorage operation

Создаю зашифрованный Logical Volume. Синтаксис:

Usage:  diskutil coreStorage createVolume lvgUUID type name size
        [-stdinpassphrase | -passphrase [passphrase]]
Add a new logical volume to a CoreStorage logical volume group.
Type is the file system to initialize on the new logical volume. Valid types
are Journaled HFS+ or Case-sensitive Journaled HFS+ or their aliases.
Size is the amount of space to allocate from the parent logical volume group.
Valid sizes are floating-point numbers with a suffix of B(ytes), S(512-byte-
blocks), K(ilobytes), M(egabytes), G(igabytes), T(erabytes), P(etabytes),
or (%) a percentage of the current size of the logical volume group.
Example: diskutil coreStorage createVolume
         11111111-2222-3333-4444-555555555555 jhfs+ myLV 10g

Команда создания первого раздела размером в 60% от родительского LVG (UUID LVG взял в результатах предыдущей команды):

$ diskutil corestorage createvolume 332FA822-E709-42BD-819F-38D846BBBFB2 \
    jhfs+ lvCS1 60% -stdinpassphrase
Passphrase for new volume: ***********
Started CoreStorage operation
Waiting for Logical Volume to appear
Formatting file system for Logical Volume
Initialized /dev/rdisk3 as a 279 GB HFS Plus volume with a 24576k journal
Mounting disk
Core Storage LV UUID: 11391E12-477A-44DA-AE48-F92B74C2512B
Core Storage disk: disk3
Finished CoreStorage operation

Команда создания второго раздела размером в 40%:

$ diskutil corestorage createvolume 332FA822-E709-42BD-819F-38D846BBBFB2 \
    jhfs+ lvCS2 40% -stdinpassphrase
Passphrase for new volume: ***********
Started CoreStorage operation
Waiting for Logical Volume to appear
Formatting file system for Logical Volume
Initialized /dev/rdisk5 as a 74 GB HFS Plus volume with a 8192k journal
Mounting disk
Core Storage LV UUID: B07706D0-8A64-4952-BB16-D5DEC2691687
Core Storage disk: disk5
Finished CoreStorage operation

Смотрю, что получилось:

$ diskutil corestorage list
+-- Logical Volume Group 332FA822-E709-42BD-819F-38D846BBBFB2
    =========================================================
    Name:         lvgCS
    Sequence:     3
    Free Space:   119907090432 B (119.9 GB)
    |
    +-< Physical Volume 0C7E6C96-6890-49ED-9B70-2D66789A34CE
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk4s2
    |   Status:   Online
    |   Size:     499763888128 B (499.8 GB)
    |
    +-> Logical Volume Family 04AE431E-3C70-4F48-8F60-885ED7121980
    |   ----------------------------------------------------------
    |   Sequence:               2
    |   Encryption Status:      Unlocked
    |   Encryption Type:        AES-XTS
    |   Encryption Context:     Present
    |   Conversion Status:      NoConversion
    |   Has Encrypted Extents:  Yes
    |   Conversion Direction:   -none-
    |   |
    |   +-> Logical Volume 11391E12-477A-44DA-AE48-F92B74C2512B
    |       ---------------------------------------------------
    |       Disk:               disk3
    |       Status:             Online
    |       Sequence:           2
    |       Size (Total):       299767734272 B (299.8 GB)
    |       Size (Converted):   -none-
    |       Revertible:         No
    |       LV Name:            lvCS1
    |       Volume Name:        lvCS1
    |       Content Hint:       Apple_HFS
    |
    +-> Logical Volume Family 18E88D4F-FF92-4E31-AB2C-75F175DDAB63
        ----------------------------------------------------------
        Sequence:               2
        Encryption Status:      Unlocked
        Encryption Type:        AES-XTS
        Encryption Context:     Present
        Conversion Status:      NoConversion
        Has Encrypted Extents:  Yes
        Conversion Direction:   -none-
        |
        +-> Logical Volume B07706D0-8A64-4952-BB16-D5DEC2691687
            ---------------------------------------------------
            Disk:               disk5
            Status:             Online
            Sequence:           2
            Size (Total):       79938060288 B (79.9 GB)
            Size (Converted):   -none-
            Revertible:         No
            LV Name:            lvCS2
            Volume Name:        lvCS2
            Content Hint:       Apple_HFS

Размонтирую разделы через Finder, подключаю диск повторно. Разделы зашифрованы:

    +-> Logical Volume Family 04AE431E-3C70-4F48-8F60-885ED7121980
    |   ----------------------------------------------------------
    |   Sequence:               2
    |   Encryption Status:      Locked
    |   Encryption Type:        AES-XTS
    |   Encryption Context:     Present
    |   Conversion Status:      NoConversion
    |   Has Encrypted Extents:  Yes
    |   Conversion Direction:   -none-
    |   |
    |   +-> Logical Volume 11391E12-477A-44DA-AE48-F92B74C2512B
    |       ---------------------------------------------------
    |       Disk:               -none-
    |       Status:             Locked
    |       Sequence:           2
    |       Size (Total):       299767734272 B (299.8 GB)
    |       Size (Converted):   -none-
    |       Revertible:         No
    |       LV Name:            lvCS1
    |       Content Hint:       Apple_HFS

Можно разблокировать разделы командой “diskutil corestorage unlockvolume”, а можно ввести пароль в приглашении:

Для смены пароля нужно сначала размонтировать раздел, а потом выполнить команду:

Usage:  diskutil coreStorage changeVolumePassphrase|passwd lvUUID
        [-recoverykeychain file] | [-oldpassphrase old]
        [-newpassphrase new] | [-stdinpassphrase]
Change an encrypted logical volume's password. Beyond the CoreStorage UUID,
you will be prompted interactively for parameters that you do not specify.
Parameters must be given in the above order.
Example: diskutil coreStorage changeVolumePassphrase
         11111111-2222-3333-4444-555555555555

Процесс смены:

$ diskutil corestorage changeVolumePassphrase 11391E12-477A-44DA-AE48-F92B74C2512B
Old passphrase:
New passphrase:
Repeat new passphrase:
Started CoreStorage operation
Logical Volume passphrase has been changed
Core Storage LV UUID: 11391E12-477A-44DA-AE48-F92B74C2512B
Finished CoreStorage operation

У команды diskutil есть и скрытые команды из группы corestorage, их можно посмотреть в статье ”Undocumented CoreStorage Commands”.