Comments on: Lion’s Whole-Disk Encryption Official blog of Red Sweater Software Wed, 11 Jul 2012 14:01:25 +0000 hourly 1 By: Albert P. Tue, 08 Nov 2011 10:39:24 +0000 I got back all my stuff.

Just to let everybody know in case that this happens to other people.

I think that the reason that this encryption failed was because I interrupted to encryption process in the middle.
I thought that this was going to be like in the Filevault 2 encryption in Settings, that if you reboot the machine, as soon as you are logged in again, it simply continues.

For any reason, the encryption failed and it didn’t continue and was stacked in the middle of the encryption process. This was the reason of my problem of not being able to decrypt my hard-drive after login, and also what made possible that I’ve been able to get all my stuff back.

For the operating system this was an encrypted hard-drive. The password didn’t work because the encryption process didn’t finnish so for some reason, to put the right decryption password didn’t work.

Then I used Data rescue 3, as the hard-drive was not completely encrypted, for this application was still possible to reach all the not yet encrypted data. After scanning the hard-drive for several hours, Data Rescue 3 found all the stuff there with the right folder hierarchy and from there I was able to get back all my stuff.

Just in case this could help anybody in a similar situation.

By: Daniel Jalkut Sun, 06 Nov 2011 21:12:52 +0000 What a bummer, Albert. Sorry about your summer photos! Sounds like that is the biggest loss here.


By: Albert P. Sun, 06 Nov 2011 21:06:31 +0000 Thanks Daniel for your help but I’m afraid I won’t get it. At least after having checked other DATA Sources I have, at the end I only lost my Music Library and my pictures from this summer.

These are the outputs of the Diskutil command when trying to unlock or revert the corrupted volume:

MACPRO:~ admin$ diskutil coreStorage unlockVolume EA8ABC17-974A-4439-BF42-AE48F0107F51
Started CoreStorage operation
Error: -69749: Unable to unlock the Core Storage volume

MACPRO:~ admin$ diskutil coreStorage revert EA8ABC17-974A-4439-BF42-AE48F0107F51The given UUID is a not a CoreStorage Logical Volume UUID

MACPRO:~ admin$ diskutil coreStorage unlockVolume E00D40CF-9796-44C1-8B2A-BFE7CDB14695
E00D40CF-9796-44C1-8B2A-BFE7CDB14695 is not a CoreStorage Logical Volume UUID

MACPRO:~ admin$ diskutil coreStorage unlockVolume E00D40CF-9796-44C1-8B2A-BFE7CDB14695
E00D40CF-9796-44C1-8B2A-BFE7CDB14695 is not a CoreStorage Logical Volume UUID

It looks like it is definitively corrupted.

Thanks anyway Daniel :)

By: Daniel Jalkut Sun, 06 Nov 2011 18:09:55 +0000 Albert, I’m not really sure what your best bet is here. It would probably be a good idea first of all to NOW do a full bit-for-bit duplication of the volume, before you try any other recovery techniques. Then I would probably continue work on the duplicate drive, just to leave the original in pristine shape in case you need to bring in experts.

One of the things I’d try on a safe backup of the volume would be to ask diskutil to “decrypt” the volume that is currently showing up as “Converting”. Maybe that will jog it to give up on the process and convert whatever portion is already converted back to normal?


By: Albert P. Sun, 06 Nov 2011 11:29:22 +0000 Thanks Daniel.

This is the output:

+– Logical Volume Group 71245A9D-16A7-4223-A190-298004FCBB1E
Sequence: 1
Free Space: 0 B (0 B)
+- Logical Volume Family E00D40CF-9796-44C1-8B2A-BFE7CDB14695
Sequence: 6
Encryption Status: Locked
Encryption Type: AES-XTS
Encryption Context: Present
Conversion Status: Converting
Has Encrypted Extents: Yes
Conversion Direction: forward
+-> Logical Volume EA8ABC17-974A-4439-BF42-AE48F0107F51
Disk: -none-
Status: Locked
Sequence: 4
Size (Total): 973503901696 B (973.5 GB)
Size (Converted): -none-
Revertible: Yes (unlock and decryption required)
Content Hint: Apple_HFS

I think the the problem is that I rebooted without having finished the process. I thought it was like the Standard Filevault process in Settings. That once rebooted, it would have continued. But it looks like not, that if you reboot in the middle or the process, then you get a partially encrypted disk that can’t be accessed or decrypted.

By: Daniel Jalkut Sun, 06 Nov 2011 04:29:22 +0000 Hi Albert – sorry to hear about your conundrum. I’m afraid I don’t know what the disaster recovery options are, in detail. Hopefully somebody else will have ideas and chime in.

It would be worth at least checking whether:

diskutil cs list

Returns any information about your “lost” volume. Maybe it will show that it’s still in progress of being converted, and you just need to wait it out since you restarted while it was still converting.


By: Albert P. Sat, 05 Nov 2011 18:51:41 +0000 Hey guys, I’m desperate. I followed all these steps carefully and now I can’t access my secondary disk that I just encrypted. The password I set is not accepted. It is not that the password is wrong, something happened during the encryption that makes the disk now completely unreachable.

some minutes after executing the command: “% diskutil cs convert /Volumes/Data -passphrase [yourPasswordHere] “. I rebooted the machine and now I think that because of this, the encryption process got corrupted and now there is no way to fix this.

In this disk I had very important stuff that now it looks like it is lost forever. Ye, I backed this stuff up but as I’m a bit retarded, by mistake I left the back up (sparse image in the same disk thinking it was another one.

the question is. What could I do? Is there anything that I could try?

To revert the process, to change the password, to re-encrypt on top?

Any help would be highly appreciated.

Thanks in advance.

By: HDD Sat, 29 Oct 2011 16:57:55 +0000 Last time I tried to use the data encryption included with a cheap external hard drive I ended up losing all the data – I’ll have to try it your way next time. >_<

By: roland Thu, 18 Aug 2011 21:04:29 +0000 @Daniel – thanks. Appreciate the write up, will be a great help.

By: Daniel Jalkut Thu, 18 Aug 2011 20:55:34 +0000 @roland – Yes, I was. However, I don’t know if this is advised or not. I had suitable backups in place before I did the conversion.