3 Replies Latest reply on Feb 11, 2011 2:50 PM by SafeBoot

    Manually setting the encryption key

      Hi,

       

      sorry, as the following is not an McAfee issue but a HP one, but I hope to get an answer from here since the HP product bases on the McAfee one and HP support is not helpful at all.

      I had problems with the HP drive encryption since some stupid Seagate firmware update tool overwrote the MBR with the decryption information so the disks could not be accessed any more.

      Fortunately, there were forum posts of other persons suffering the same problems and also some advice on how it might be able to get the data back.

      Following the steps specified and after solving some driver problem, I was able to create a working BartPE Safeboot disk and was also able to authenticate and authorise. Finally after 2 days of force decrypting, the 250GB system partition was back again. Though, there are still 750GB encrypted left (2 more partitions). Since decryption using the BartPE Safeboot disk takes quite some time, I wonder whether I could avoid or speed it up somehow.

      So my questions are:

      Is it possible to restore the original MBR that uses the key from the backup file (HPDriveEncyrptionBackup.dat), with which the remaining two partitions are still encrypted, so that the two remaining partitions are instantly accessible again? My guess is that this is definitely possible using a disk edition given the exact location of the encryption key on the disk.

      Alternatively, is it possible to speed up the decrpytion process? I have no clue what the bottleneck might be, it is definitely not CPU or HDD since fans remain silent during decryption and HDD speed is only about 2500 sectors (which should be ~1MB) per second.

       

      Note: I made a full (dd_rescue based) raw backup of the affected drive, so I could experiment quite a bit...

       

      Thanks a lot

        • 1. Re: Manually setting the encryption key

          Q - Is it possible to restore the original MBR that uses the key from the backup file (HPDriveEncyrptionBackup.dat), with which the remaining two partitions are still encrypted, so that the two remaining partitions are instantly accessible again? My guess is that this is definitely possible using a disk edition given the exact location of the encryption key on the disk.

           

          A - No, sorry, not with the HP product. It's not a single sector either - there is megabytes of data you'd have to reconstruct.  It's simply not possible to connect a drive from one activation to either another activation, or a new activation.

           

          Q - Alternatively, is it possible to speed up the decrpytion process? I have no clue what the bottleneck might be, it is definitely not CPU or HDD since fans remain silent during decryption and HDD speed is only about 2500 sectors (which should be ~1MB) per second.

           

          A - If you are using BartPE the encryption/decryption should run at the same speed - if they are not, it usually means you don't have the right hard disk controller drivers running in your BartPE image.

          • 2. Re: Manually setting the encryption key

            Thanks for your answer!

             

            I noticed that the regular copy speed in BartPE is quite high (used the copy command from the shell on a larger file). I guess it is at the same level that can be achieved in windows 7 (>80 MB/s). Could it be that the safeboot driver is somehow accessing the hardware directly by bypassing the SATA driver?

             

            One final question to prevent future hassles with the drive encrpytion:

            How to identify the sectors that need to be dd'ed (raw copied) to restore the decryption mechanism once it got corrupted?

             

            Thanks again

            • 3. Re: Manually setting the encryption key

              no, it's not possible for the EEPC driver not to be using the ATAPI stack in Bart PE.

               

              And it's also not possible to restore the encryption environment. If that happens, use the standard EEPC tools to recreate it. You can't solve problems by copying sectors.