2

Our entire organization requires PGP Whole Disk Encryption (WDE) to be used on all laptop and desktop computers. For Macs running Mac OS X 10.5 or later that are using Time Machine, the (local) Time Machine backup disk must also be encrypted.

One of the promises of Time Machine is that, in the event that your boot drive fails, you can replace it with a new, empty disk, boot from the DVD that came with the Mac, and restore the boot volume contents from the Time Machine backup disk onto the empty disk.

Unfortunately, in our case, since the Time Machine backup disk is also encrypted using PGP WDE, the boot DVD cannot read it and therefore cannot recover data from it. There are several obvious solutions that I've read about on the web, including:

  • Create a bootable DVD or hard disk that is the same as the DVD that came with the Mac, except that it also has PGP WDE installed.

  • Boot the Mac that has the failed drive in FireWire target disk mode, then connect it to another Mac that has PGP WDE installed and use that Mac to decrypt the Time Machine volume. Then follow the usual DVD-based Time Machine recovery procedure.

These both sound like they should work. What I'm looking for is a testimonial from someone who has actually done it at least once, using one of these techniques or another one, and seen it work. Please also provide as much detail as you can for the technique that you used. (E.g., if you created a bootable DVD with PGP WDE installed, what software did you use to make it?)

John Siracusa

2 Answers

3

I haven't done this exactly, but something similar. What I would do is:

  1. Install a fresh OS X on your new drive.
  2. Patch to the same level as your old drive.
  3. Install WDE and whatever else you need.
  4. Hook up your Time Machine disk, use the Migration Assistant (/Applications/Utilities/Migration Assistant) to import things from the disk.
  5. Start Time Machine again to back up to that disk.
Bill Weiss
  • That's a great idea. I'm still waiting for an answer from someone who has actually done it, however. But you still get my up-vote. – John Siracusa Jul 09 '09 at 17:12
  • I did this with a Mac, just with different software than PGP. Similar enough? Maybe. It's worth trying while you wait for another answer :) – Bill Weiss Jul 09 '09 at 17:35
  • Actually, now that I think about it, I'm a bit concerned that this technique won't get "everything" from the Time Machine backup (e.g., stuff under /usr/local) – John Siracusa Jul 09 '09 at 17:38
  • Good point. I'm not sure how (if at all) the Migration Assistant does that. – Bill Weiss Jul 09 '09 at 20:25
1

Further Googling has revealed an actual testimonial with instructions. I will leave this question open (rather than accepting my own answer) for some corroboration.

John Siracusa