Restoring a PGP WDE Encrypted drive

When using PGP (now owned by Symantec) Whole Disk Encryption (WDE) to encrypt your system drive, there are some hoops to jump through to do a system restore from backups. If you back up your system drive using SuperDuper! or Carbon Copy Cloner, your backups will not be bootable. There are some things you need to do to the backup copy before the drive will boot again and you can re-encrypt it.

The problem is that PGP WDE creates an extra partition on your drive, usually at slice 3 (i.e. /dev/disk0s3), that contains a copy of the /System/Library/CoreServices directory of your existing boot volume, which is typically /dev/disk0s2. This copy is unencrypted and is used to boot the OS and load the PGP WDE drivers, which can then access your encrypted /dev/disk0s2 partition (i.e. your main drive). Backup tools such as SuperDuper do not copy this extra partition to the new drive/image, but the drive is still blessed to boot from /dev/disk0s3, which no longer exists.

To fix the problem, mount the restored volume. If you cannot access the backup/restored drive from a working Mac, then you need to boot your Mac using your OS X install DVD. Once you have booted the install DVD, choose the Utilities menu and select Terminal. Mount your drive by typing:

diskutil mountDisk disk1

This should mount it under /Volumes/Macintosh HD or whatever the name of your volume is.

So there are two tasks we need to perform, using a single command. We need to set the boot partition to /dev/disk1s2 rather than /dev/disk1s3 (substitute the disk number for your drive, and make sure you get this right; if unsure, seek assistance from an expert). The other task is to reinstate the original Apple boot.efi file, overwriting the pgpboot.efi file. The pgpboot.efi file is not required because the drive is no longer encrypted (at this stage). So execute the following commands:

cd "/Volumes/<mount point>"
sudo bless --folder System/Library/CoreServices/ --bootefi System/Library/CoreServices/appleboot.efi --setboot

Now the drive should be bootable once again.

Once you have rebooted the drive, you can use the PGP tools to encrypt the drive again as was done previously.
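The bless step above, wrapped in pre-flight checks so it cannot run against the wrong or an incomplete volume. This is an added example, not part of the original post; the function names and the DRY_RUN switch are hypothetical, and it assumes the restored volume is already mounted and contains the appleboot.efi file that the article's command names.

```shell
#!/bin/sh
# Added example: guard the article's bless command with sanity checks.
# Assumption: the restored volume is mounted and its path is passed as $1.

# preflight VOLUME: return 0 only if VOLUME looks like the restored system volume.
# Return codes: 1 = not mounted, 2 = no CoreServices, 3 = boot loader source unusable.
preflight() {
    vol=$1
    cs="$vol/System/Library/CoreServices"
    [ -d "$vol" ] || { echo "not mounted: $vol" >&2; return 1; }
    [ -d "$cs" ] || { echo "no CoreServices folder on $vol" >&2; return 2; }
    # bless uses this file as the source for the boot loader; a missing or
    # empty file would leave the volume unbootable.
    [ -s "$cs/appleboot.efi" ] || { echo "appleboot.efi missing or empty" >&2; return 3; }
    return 0
}

# restore_boot VOLUME: run the article's bless command from inside VOLUME,
# then show what is now blessed. DRY_RUN=1 prints the command instead.
restore_boot() {
    vol=$1
    preflight "$vol" || return $?
    set -- bless --folder System/Library/CoreServices/ \
        --bootefi System/Library/CoreServices/appleboot.efi --setboot
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "cd \"$vol\" && sudo $*"
        return 0
    fi
    ( cd "$vol" && sudo "$@" && bless --info "$vol" )
}

# Run only when a volume path is given on the command line.
if [ "$#" -gt 0 ]; then
    restore_boot "$1"
fi
```

Run it first with DRY_RUN=1 and the mount point as the argument to see the exact command before anything is changed.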
