beware of Lions

30 08 2011

I’m one of the brave guys who updated their MacBook Pro to Mac OS X 10.7 (aka Lion).

The main reason (apart from being a fanboy and pain seeker) is the full disk encryption (FDE) that is now built in. It replaces the basically useless FileVault that was in place before Lion.

In principle the FDE works fine once you have enabled it. It can be turned on later and runs in the background without noticeably affecting performance.

But last week, out of curiosity, I started Disk Utility to check if my volume was still healthy. Disk Utility stated that my partition needed a repair. As Lion now has a recovery partition with a basic operating system and tools, I thought this would be an easy task. I’m such an optimist…

Booting into the recovery OS is easy. Just press Command + R during boot. Then I started Disk Utility from there. Of course my main partition was still encrypted at this point, but Disk Utility has an “unlock” button.

Only my password for the disk encryption didn’t seem to work. My initial thought was the special characters in my password. I noticed that the keyboard layout was set to English. One could pick German from the little flag in the upper right corner, but it instantly snaps back to US English. First bug…

So I booted into the normal OS again to change my FDE password to something simpler. I booted into the Recovery OS again and tried to unlock the partition. No luck either. I also noticed that the password hint field was empty, although I had explicitly typed in something initially.

Out of curiosity I tried to change the password from the Disk Utility of the Recovery OS. It accepted the password (the new one) I typed in, as well as the new password, without complaint. Yet I still couldn’t unlock the FDE partition with any of those passwords.

So I decided to start the main OS in single-user mode (press Command + S during boot) to do a manual repair (/sbin/fsck -fy). Guess which password could open the encrypted partition? Right, none of my new passwords could decrypt the partition. Instead my original password still worked. At least the manual repair worked without any problems.

Conclusion: FDE seems to work (OK, I didn’t actually check whether the bytes on the disk are really encrypted). But the tools to deal with FDE seem fundamentally broken in 10.7.1.

encrypted TimeMachine – never-ending story

5 03 2011

In a previous article I described how to set up an encrypted TimeMachine backup. That used to work fine until a few months ago. I noticed back then that the automatic scheduled backup couldn’t seem to mount the encrypted volume anymore. However, when I click on the TimeMachine icon in the menu bar and select “Backup Now” it works just fine.

I couldn’t figure out what the root cause of this behavior was. But at least I have found a workaround now. There is a free tool to change the schedule of the TimeMachine backups called TimeMachineEditor. It uses an alternate scheduling mechanism to trigger regular backups. I set the schedule to 1h and it works just fine now.


