Wednesday, August 20, 2008

OS X Full Disk Encryption: How to reimage a machine

A while back I borrowed a MacBook from a co-worker so that I could get started testing Full Disk Encryption for OS X. FDE is Checkpoint's version of Pointsec for Macs. I had a 30 day evaluation license, so I applied the software and wrote a couple blog entires about it. Then I got my own MacBook and gave back the one that I borrowed.

Today that coworker came to me with a question about FDE. It seems that once you've installed FDE you can't just install OS X over the top when you're ready to reimage. He booted the MacBook from the installation CD, but when it came time to select the drive that you want to install it on, he got this error.

Let me start by apologizing for the quality of the pictures in this post. Since I don't have OS X running on any virtual machines, I can't just do a screen capture. What you're seeing is the pictures I took with my cell phone. I know, it sucks.
So I called up Checkpoint support to see if they had any ideas. First I waited on the phone for 20 minutes to talk to someone, which is unusual because I typically get a response right away when I call. I also had to deal with the problem I've been having getting my support contract bound to my support account. Even though it has been two months, they still can't seem to recognize that I have support. After I got through all of that, the support technician told me that I would probably have to decrypt the drive using my recovery file and then install OS X.
I was not satisfied with this answer, and I decided that I was going to play around a bit and see if I couldn't come up with something faster, and I did. I booted the computer from the installation CD, but this time I went up to the menu at the top, clicked on Utilities and then Disk Utility. Disk Utility showed me that the hard drive had been partitioned by FDE into a small boot loader and a large encrypted drive. I simply changed the partition scheme to one partition, named the volume Macintosh HD, and set the format to Mac OS X Extended (Journaled). The formatting process took all of 30 seconds, and when I quit Disk Utility I was able to install OS X on the hard drive again. Problem solved.


Anonymous said...

I am so happy I have XP ;-)

I am repairing PCs as a profession, reimaging tens a week. There is a produt from Reimage ( that does exactly that without deleting anything - not sure they have it for Mac.

try it out.

-- Jason

Anonymous said...

This is useful information. Thanks for posting it in your blog.

You can grab these screen shots with Apple + Sh + 4

We are not finding a significant impact with Pointsec on the Mac except when it is encrypting. I tell users it is like having virus software installed. Probably there is a small impact but you get used to it.