Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Cant boot system after attempting to change MBR of boot camp partition

Created: 17 Feb 2011 | 8 comments

Against my better judgement, I followed some instructions I found at the VMWare community forum to be able to boot a virtual machine using Parallels on a WDE disk. 

 

Luckily, Boot Camp VMs include a copy of the MBR (with the boot code and the partition table) in a separate file, so this is very easy to fix:

#. Start the Boot Camp VM (not native!) with a Windows install CD/DVD (or ISO image).

#. Go to the repair command prompt.

#. Run the fixmbr command in Windows XP or bootrec /fixmbr in Windows Vista or Windows 7 to overwrite the MBR code.

 

This way your Boot Camp VM will use the default Windows boot loader to access the already decrypted data, while the native Boot Camp startup will use the PGP MBR code (which is still on the physical disk) to go to the PGP prompt for the password, and decrypt the disk.

 

I am running Windows XP, so I got to the repair prompt and typed "fixmbr".  It gave me a big warning and I went ahead and followed through with it anyway.  Now the system won't boot into OS X or Win XP.  Windwos says the OS is missing and OS X shows me a circle with a line through it.  I've got a backup, so I can restore my system, but I have a few questions before I continue.  First, I want to make sure I restore my system properly.  I read this theread (https://www-secure.symantec.com/connect/forums/un-...) and there was an issue for this person after erasing a drive.  If I understand correctly, re-partitioning the drive to one partition will effectively erase the encryption, boot partition and all traces of PGP; and I don't need to decrypt it before I do this, I just re-partiton.  After that, I simply restore from my backup and encrypt the drive again like I did to begin with, right?

Second question is regarding the problem that caused this in the first place.  I understand that booting a virtual machine isn't supported with PGP, but I just started using some software for my business that runs on windows and I absolutely must do this.  I know people have been able to successfully do it, so I need to know how and why it didn't work for me.  Since I am pretty much going to be doing a new installation of PGP, is there an easier way to do this before I encrypt the drive?  I am willing to risk messing things up again.  It is extremely tedious and time consuming, but I need to make this work so I can run my business.  I would really appreciate any assistance anyone can offer on this issue.

 

Thank you,

desertrat

Comments 8 CommentsJump to latest comment

mallardduck's picture

1) Yes, repartitioning (not erasing) will remove everything, including WDE from your drive.  You'll have to do that from an OSX environment without PGP installed.

2) Use VMWare without using bootcamp.  That works just fine. 

 

There is no supported means of using VMWare/Boot Camp/WDE.

castsail's picture

@mallardduck, Thank you for sharing your insights and experiences on this subject.

From your comments in this thread, although perhaps not officially supported, it would appear that I may expect no MBR corruption or other problems when using a virtualized Windows XP guest OS running on a dedicated physical disk encrypted with PGP WDE. Is that correct?

Related topic with additional details: Virtual WinXP guest with physical PGP WDE disk in multi-drive/multi-boot setup? In summary:

  • I am currently using Linux as the host with KVM and read-only ntldr assistance to boot XP from the physical disk, however I might switch to VMware or other platform if necessary.
  • The separate disk for the host OS is also encrypted.
  • I am currently using a separate disk so that I may boot Windows XP natively or virtualized.
  • The question is: if I encrypt the Windows XP disk with PGP WDE, will I still be able to run Windows XP virtualized, from the now encrypted physical drive, without corruputing the MBR or experiencing other problems?

Thanks in advance for any insight you can provide!

Aside: certainly one should ensure that they have complete and working backups before trying such things and also ensure that the backups are maintained regularly (daily for critical data).

mallardduck's picture

You always encrypt disks on the Mac from OSX - not Windows.  VMWare does not support encrypted boot camp disks, even if they aren't also the Mac boot disk.  The simple way around it is to have two different XP environments - one a standalone VM, and one that you boot.  Yes, you have to install things twice, but it's the only supported solution.

desertrat's picture

Thanks for the response, mallardduck.  While I was impatiently waiting last night for a response here, I went ahead and did a repartition while booted from my clone which is also a PGP encrypte disk.  I knew repartitioning seemed like the rght thing to do, but I didn't realize I needed to be doing it from a system without PGP on it.  I have several other computers here I could have done it from, or I suppose I could have just used my OS X install disk.  Why is it necessary though, to use a system without PGP to repartition?  I can go ahead and start over again if necessary, I haven't begun encrypting my disk again yet.

Regarding the other issue.....  I just installed a VMware virtual machine and have it up and running WITHOUT boot camp.  So, my senses tell me that I don't need to install PGP in the VM because it is already decrypted when I boot into Mac OS, right?  I know with boot camp I had to install PGP on both volumes before I encrypted my disk.  Since I am not using boot camp anymore, this doesn't apply now, right?

mallardduck's picture

Interesting - PGP usually prevents you from partitioning an instrumented disk, so the fact that it worked confirms that the disk was corrupt.

 

But yep, you don't need to encrypt the VM if you've encrypted the host.  Definitely simplifies things! 

desertrat's picture

But yep, you don't need to encrypt the VM if you've encrypted the host.  Definitely simplifies things!

Sorry, but I want to clarify I'm on the same page with you.  I don't understand what you mean by saying I "don't need to encrypt the VM".  I don't have a choice with what I want to encrypt since PGP WDE is a Whole Disk Encryption.  Did you meant that I don't need to install PGP on the VM?  When I tried to start my boot camp  Windows installation with Parallels on an encrypted disk, it got stuck on the bootguard screen, which was the whole reaosn I got into this mess.  So, that bootguard was there because I installed PGP in the Windows OS on my boot camp partition, right?  Since this VM will be decrypted upon startup of my Mac, I won't need to install PGP in Windows, and I won't get the bootguard when starting up the virtual machine, right?  This is what I understand, just wanted to clarify your answer because I don't want to make another mistake here!

By the way..... After looking around at the options today, I actually decided to ditch VMware Fusion for Parallels 6.  I was already running Parallels 5 with boot camp before I started using PGP, but I wasn't ever that satisfied with it.  I generally just booted into the boot camp partition and never used it as a VM.  So, I'm going to upgrade to parallels 6 and use that to run my virtual machine now.  I definitely don't need boot camp anymore.  Much easier this way!  Thanks!

mallardduck's picture

That's correct, you don't need to install anything inside the virtual machine, it's encrypted because the VM files live on the encrypted OSX partition.

The Fusion vs Parallels debate rages back and forth.  There's a few major differences:  Fusion has better sandboxing, much better support, and probably better underlying technology.  Parallels has better host integration and speed, but may be less stable.  Disclaimer:  I use Fusion because of the sandboxing and reliability.

desertrat's picture

Yeah, I hate those Ford vs. Chevy types of arguments.  I just tried them both and picked the one I liked better.  Actually, the biggest reason for me was that Fusion left a sort of "trail" when I was moving windows around.  It didn't seem right to me, so I went with parallels.  They do also have a few different features and the features set with parallels appealed to me a little more anyway.  In the end, I really think it's probably a draw.  A decision that is that hard to make only leaves you with picking one over the other for rather minute reasons. 

I'm glad I went with a VM installation rather than boot camp again.  I only need to run one Windows application on a regular basis for business, and that's about all I do with Windows.  I never need the full use of processor and RAM because I just won't demand that much with my work. Now I have much more hard disk space on my MBP becuase I don't need to deal with partitions.  All in all, I think the VM is a big winner for me.  Anyway, thanks for everything. I'm running the encryption now!