When Full-Disk Encryption Goes Wrong

This story is about full-disk encryption going bad, but it could just as easily be the hard drive dying, or another software bug that corrupts the disk.<p>If you have a Mac, get an AirPort Time Capsule. This gives you automatic, hourly backups. The importance of automatic cannot be overstated. If you have multiple Macs, they can all backup the same Time Capsule.<p>You can save a little money using an external hard drive, but how often are you (or your family members) going to remember to plug it in and run Time Machine? Once a week?

This is just another &quot;I dont have a backup...&quot; story. Let me provide better one:<p>1) full disk encryption<p>2) police takes your laptop<p>3) after six months you are asked to decrypt the harddrive<p>4) you dont remember 100 character password after all that time<p>5) you go to jail until you remember

With apologies to patio11, Backup backup backup BACKUP backup <i>BACKUP</i>. There are many, many bad things that can happen to your data, which can be mitigated with proper backups. Also test your backups.<p>Important even if you&#x27;re not using FDE, but by design FDE makes any data corruption significantly worse. Not an Apple specific problem, either. LUKS is actually specifically designed so that the master key is wrapped in a large all-or-nothing transform (anit-forensics) to make it exponentially harder to recover from a damaged header.

I&#x27;m not very familiar with FileVault, but does it not provide a recovery key when you set it up? (for writing down and stashing in a safe place or backing up to the cloud)<p>Every other FDE scheme I&#x27;ve ever seen does, accompanied by big scary &quot;WRITE THIS DOWN. IF YOU LOSE IT, AND THEN YOUR DISK GETS CORRUPTED, YOUR DATA IS GONE FOREVER&quot; warnings, and with good reason: yeah, if the master key sector is corrupted and you don&#x27;t have a backup, you&#x27;re screwed.

The upside of this is that if you want to very quickly destroy your data, all you need to erase is the master key securely.<p>This is true for LUKS on Linux as well. Destroy the LUKS header, you data is now forever gone.

I have a feeling that $2000 recovery service would have basically said the same thing had they encountered a corrupt GPT record or HFS+ superblock in a fully unencrypted disk as well.

Misleading title, should be &quot;When You Forget to Take Backups&quot;. FDE only (slightly) raises the stakes of not having backups by making a system (a little bit) more fragile.

OK recently my recovery volume&#x27;s HFSJ file system became corrupted in a way that prevented booting, similar to this story. Nothing could repair it, not Apple&#x27;s fsck_hfs (Disk Utility) nor Disk Warrior. I used dd to backup the recovery partition because I wasn&#x27;t sure if it contained anything vital for unlocking the encrypted volume. And then I proceeded to nuke that partition (I actually formatted the volume from a Fedora live image, and that issues a trim command prior to the format; and I followed that up with removing the partition with gdisk, so for sure there is no recovery HD volume data at all on this SSD)<p>Using a separate OS X boot volume I created a USB installer of El Capitan, booted that, went to Disk Utility, asked it to unlock the encrypted primary volume, using just the normal passphrase, and it worked. I then went back to the main menu to reinstall the OS; i.e. installing over the existing (newer) El Capitan installation. The installer took forever but it reinstalled the (older) OS version of El Capitan, created a new Recovery HD volume, and did not erase any of my data. And I could boot afterward.<p>So too bad this guy&#x27;s blog doesn&#x27;t accept comments or I&#x27;d tell him this directly and there&#x27;s a pretty good chance his data can be recovered intact.

It&#x27;s really important both to backup the FDE keys and have regular backups.<p>I lost a volume to BitLocker AES-XTS 256 earlier this year and luckily only lost a few days of work. I&#x27;ve since substantially improved my backups and even rotate a disk offsite weekly now.

&quot;When you forget to backup your files&quot; seems more appropriate.

What completely amazes me is how OS X doesn&#x27;t warn users to backup that block, constantly, until it&#x27;s done.<p>I use Arch, which is not beginner friendly, but the wiki states this in a big, red banner. I&#x27;d expect an end-user friendly OS to do the same once the password is set for the first time, and over and over again until the backup has been made.<p>Does Apple actually enjoy leaving all the user&#x27;s data to chance?

The sad part about this story is that time machine backups on OSX are so stupid simple and easy that it&#x27;s a tragedy he didn&#x27;t have them set up.<p>It&#x27;s an external USB drive I have plugged into my monitor. When I plug my laptop into the monitor at work it silently does its duty. I never even think about it until I need to recover a file that I just rm&#x27;d!

Sorry for being off-topic: my wife and I had our MacBooks stolen on the weekend and every ten minutes I think why in the hell didn&#x27;t I have FileVault turned on. Our whole lives were on those laptops and I cannot even fathom what sort of fallout to expect with our data out there.

For my work computer I regularly clone the disk to a identical HDD in an external dock using CloneZilla. It runs at night. Along with incremental data backups I can swap in the cloned disk, copy in the diff and be up and running quickly. Just a tip :)

this is why you use actual FDE drives if you want FDE and not a software middleman. also what happened to the recovery key?