File Share Encryption

 View Only

  • 1.  "Un-bricking" a prior PGP encrypted disk

    Posted Feb 09, 2011 03:12 PM

    System: PGP WDE 10.1.1 on MacOS X 10.6.6.

    Actions: Encrypted external disk with a single partition. Disk encrypted fine. Used disk successfully for a few months. Brought disk to another machine (without PGP installed) and used Disk Utility to wipe the partition and create another one. Used the now un-encrypted disk successful for a few months. Now I want to 're-encrypt' the same single partitioned external disk.  Encryption fails with "Error 12291:. Knowledgebase has no entries for this error #

     

    Some pgpwde command results (Disk 1 is the external disk I wish to re-enrypt with partition name of X-FACTOR):

     

    pgpwde --enum

     

    Disk 1 has 2 online volumes:

    volume disk1s1 disk1s1 is on partition 1 with offset 40 (excluded)

    volume disk1s2 X-FACTOR is on partition 2 with offset 409640 

     

     

    pgpwde --status --disk 1

     

    Disk 1 is instrumented by bootguard.

    Operation disk status failed:

    Error code -11976: corrupt data 

     

     

    pgpwde --uninstrument --disk 1

    Uninstrument Error

    Operation uninstrument disk failed:

    Error code -11976: corrupt data 

     

    So, I think I have a disk that can't be "uninstrumented" ... which means, I now have a disk that CANNOT be encrypted.

     

    This is NOT GOOD.  Unless I missed the instructions in the PGP WDE documentation that says "ONCE YOU USE WDE ON AN ENTIRE DISK, YOU CANNOT USE THE DISK FOR ANYTHING ELSE ..." I must be missing something.



  • 2.  RE: "Un-bricking" a prior PGP encrypted disk

    Posted Feb 09, 2011 07:04 PM

    When you erased the disk with disk utility did you erase it or re-partition it? If you only erased the disk the PGP Boot Guard is still on the the hard disk, you can verifiy this by using hexdump in terminal. 

    sudo hexdump -C -n 128 /dev/disk1

     

     00000000  eb 48 90 50 47 50 47 55  41 52 44 00 00 00 00 00  |.H.PGPGUARD.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|


  • 3.  RE: "Un-bricking" a prior PGP encrypted disk
    Best Answer

    Posted Feb 10, 2011 11:44 AM

    Sarah, good question.

    Re-partition did the obvious thing ... it was able to take the one (visible) partition, delete it, and then create a partition (I guess I could have created more than one ... but all I wanted was one so that is what I did).  No surprises here.

    Using "Disk Utility" to erase the 'entire disk' resulted in a ERROR.  Disk Utility reported "Disk Erase failed with the error: POSIX reports: The operation couldn't be completed. Cannot allocate memory."

    I tried to exercise re-format magic by using the diskutil command (command line ... very powerful magic!), but no luck. Diskutil failed with the "unable to unmount" error.

    I also tried Dive Genius (3) with no luck (I am beginning to think that purchase was a waste of $100).

     

    In a fit of exasperation I booted of the 10.6 Install disk, fired up Disk Utility and finally was able to format the silly external disk (and created one partition).  (Why couldn't Drive Genius do that??????? Grrrrr)  I then ran pgpwde --uninstrument -disk (disk#) ... AND SUCCESS "Request sent to Uninstrument disk was successful"

    Then I started PGP Desktop and was able to encrypt the whole drive  (well, re-encrypt the re-formatted and re-partitoned previously formatted, partitioned and encrypted drive).

    So, let this be a lesson to the wise(r than me).  DON'T fiddle with PGP WDE disks.  If you do you will have expensive bricks!  I also learned that great software isn't (so great) at times.  

    Hope that helps.