Video Screencast Help

Is is possible to clean install OS on an encrypted drive?

Created: 11 Nov 2012 • Updated: 11 Nov 2012 | 5 comments
This issue has been solved. See solution.

I am planning to do a clean Mac OS install.  I have already started to decrypt my disk, but I was wondering if I could have done the install from another machine with PGP installed without decrypting my machine drive.  If so, can I cancel the decryption process?  Or one started, must I finish the decryption? 

Comments 5 CommentsJump to latest comment

Tom Mc's picture

A disk must be decrypted before a fresh OS installation to it.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

desertrat's picture

Ok, thanks for the fast reply.  I will continue with the decryption.

desertrat's picture

Tom,

I have one more question.  If I don't need to preserve anything on the disk, could I just reformat the entire drive instead of waiting for the slow decryption process?  Wouldn't that wipe the drive and the boot partition along with it, essentially decrypting and erasing all at once?

Edit: I found this article explaining reformatting a PGP encrypted disk. 
http://www.symantec.com/business/support/index?pag...

Unfortunately, I don't have a machine that doesn't have PGP installed.  So, I will continue with the decryption.

PGP_Ben's picture

This is possible to do, although it needs to be done correctly. The supported method of course is the way TomMC described. If you are careful, you can do it this way - as long as you don't want to retain ANY of the files

***THIS WILL WIPE THE DRIVE CLEAN AND REMOVE ALL DATA SO BACKUP BEFORE DOING***

Both ways take several hours to do but may be faster than the decryption process depending on hardware and PGP version that is installed.

You have two options basically:

1) Take the drive out of the mac and put it in a PC with windows and use diskpart to clean the disk. Here is a KB on that process:

http://www.symantec.com/docs/HOWTO55966

2) Use DD utility to wipe the drive:

You can boot into single user mode (it's tricky while bootguard is on teh drive and encrypted) you have to press Command-S IMMEDIATELY after putting in your passphrase at bootguard. Another option is you can add a pgpwde --bypass command to bypass bootguard once. Thsi can be done via terminal utility with:

pgpwde --add-bypass --disk 0 (or disk number 1 if secondary drive) -p password or --wdrt (for wdrt)

once you do the bypass, the next reboot will bypass bootguard and you can hold down the Command+S keys and this will boot single user mode.

Another option is to just use the Mac OS Install disc and boot up to the install then go to the Menu at the top and select terminal

Wipe the drive using DD:

dd -bs=4096 if=/dev/zero of=/Volumes/DISKVOLUME HERE

You can find the volume information with:

diskutil list

Once you use DD to wipe the whole drive with zeros this will wipe out the PGPMBR and the encrypted sectors and allow you to reinstall again

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

desertrat's picture

My decryption finished some time last night, but the info is appreciated, Ben.  Thanks.