Backup encryption woes

My main machine has a 1 TB SSD of which about 650Mb is used. My back-up regime has been 3 x 2TB 2.5" USB disks. Each USB disk is partitioned into 2 x 1 TB partition. One encrypted partition is for Time Machine and the other is for a ChronoSync bootable clone. I have one ‘shelf backup’ the last back up before the annual MacOS update, which then stays untouched for a year, and the other two disks are rotated fortnightly.

The problem is that since the upgrade to Catalina, ChronoSync does not work on an encrypted partition, so I have not been able to make a bootable clone on an encrypted partition. This makes me nervous as someone could have access to my data if the get their hands on one of my disks!

I am considering repartitioning the three HDDs as one big 2 TB encrypted partition - all for time machine. Sacrificing the Bootable Clone, but regaining encryption and peace of mind.

Before I do so and thoughts suggestions, alternatives?

Also if this is the best strategy, is there a way to merge the 2 1TB partitions into 1 x 2TB without wiping all the data on the existing Time Machine partition?

Many thanks.

CCC is fully qualified for use with FileVault-protected volumes (HFS+ and APFS). CCC offers some advice around enabling encryption in the Disk Center.

https://bombich.com/kb/ccc5/working-filevault-encryption

What I have is one 3TB drive (a Airport Time Capsule) and two 2TB bootable clones made with SuperDuper. I rotate the clones on “important” occasions (e.g. returning from a trip, completing a major project, etc).

Well, maybe, but you’re gonna have to format the discs as APFS anyway, right?

Some time back I tested my CCC clone to an encrypted drive and had difficulty booting from it on another Mac. Didn’t have time to figure it out at the time so just decided to take the risk with an unencrypted clone. I usually keep the backup in a fire safe.

My backups: Encrypted TimeMachine at work and at home and a weekly encrypted data-only (non-bootable) CCC clone at home. I understand the appeal of bootable clones, and there may be a time when I create one again, but I find them more trouble than they’re worth (for me and to me), especially with T2 based Macs and Catalina.

My data at rest is always encrypted while it’s in my keeping. There are absolutely no exceptions to that rule.

Unless things have changed I’m not aware of any way of merging Time Machine backups. The last time I checked you could not even clone a TM drive.

I was not aware that Chronosync would not backup to an encrypted drive. I do use CS to backup to encrypted sparsebundles on an unencrypted drive.

And, instead of a bootable clone of my mac that gets updated periodically, I keep a clean install of Catalina, with my applications, on a Samsung T-5 SSD. If needed it takes a bit of extra time, to restore my user directory & data, but eliminates the need to keep it updated.

I can agree with the issues with T2 equipped Macs. Those of us with older hardware can be well served by having a bootable clone. A couple of years ago my 2011 MBP finally suffered from the common GPU failure. Would not boot. We had recently replaced my wife’s iMac so her old one was just sitting around with nothing to do. Used my clone that was backed up the night before and was back up and running in a very short time.

I just like having a clone made before major hardware or software upgrades.

“You can back up from an HFS+ or APFS-formatted disk to an HFS+ disk; however, Time Machine can’t back up to an APFS-formatted disk. If you select a back up disk formatted as APFS, Time Machine offers to reformat it as HFS+“

You are correct. I was thinking of the clone disks.

Yet.

https://9to5mac.com/2020/06/26/apple-apfs-encrypted-drive-support-apfs-time-machine-backups/

Yet! Maybe TM is in line for a little love. Hope so.
But I’ll never trust it again to be my only local backup. I’ve seen it fail me and others too many times.