Sunday, 31 July 2011

Upgrading from Mac OS X Snow Leopard with PGP to OS X Lion

I have just been through a world of pain upgrading from Snow Leopard with PGP Whole Disk Encryption to Mac OS X Lion with FileVault whole disk encryption.

Anyone who uses a Mac within a financial institution, and many others, will be required to use some form of whole disk encryption. Until Lion was released, the only option was PGP WDE version 10 and above. Unfortunately PGP never seems to be compatible with the latest OS updates like 10.6.8, so you are prevented from updating, hence my desire to get off PGP and use FileVault 2 built into Lion.

PGP advise against upgrading to Lion because, lo and behold, it's incompatible, but it can be done by following these steps:

1. Decrypt your hard drive with PGP (takes several hours),
2. Uninstall PGP,
3. Remove your EFI password if you have one set,
4. Back up your data (although not strictly needed, it would be imprudent not to),
5. Use Boot Camp Assistant to create the minimum 20GB Windows partition (see why below),
6. Without installing Windows, use Boot Camp Assistant to remove the Windows partition you just created!
7. Purchase and download the Lion installer, but don't run it!
8. In the downloaded installer file, show contents and then use Disk Utility to burn the InstallESD.dmg file to a blank DVD. This gives you a bootable Lion install DVD, which you may need later.
9. Install Lion by running the installer from your hard disk.

Steps 5 and 6 seem pointless, but they are necessary in order to replace the Master Boot Record on your hard disk, which PGP has polluted and which prevents Lion from installing its recovery partition. Without the recovery partition you cannot install FileVault, and you also cannot fix the very common Lion login problem where none of your accounts are migrated, so you cannot log in post install!

After install you should have Lion installed and, with luck, the recovery partition as well. There is a good chance that you can't log in at this stage, so you need to boot from the recovery partition by holding down Cmd-R or Alt during boot up. If this doesn't work and you are presented with the login box again, then you have no recovery partition and you'll need to boot from the DVD by holding down the Alt key with the DVD in the drive.

Once in recovery, start a terminal and type 'resetpassword', then select the root user and set a password. Reboot and log in as root, then recreate your accounts using the same home directories and you won't have lost any data.

If you don't have a recovery partition, try steps 5 and 6 again and then reinstall from the DVD - your data should still be there afterwards.

Once installed with the recovery partition, set up FileVault from the Preferences / Security menu and you'll have no future need of PGP or any need to fear software updates.
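
A quick way to confirm the recovery partition exists before turning on FileVault, as an added example that is not part of the original post. It assumes the partition shows up in `diskutil list` as type `Apple_Boot` named `Recovery HD`; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check: does `diskutil list` show a recovery partition?
# Reads a `diskutil list` listing on stdin, prints the identifier of each
# Apple_Boot "Recovery HD" partition, and returns 1 if none is present.
find_recovery_partition() {
    awk '
        $2 == "Apple_Boot" && $3 == "Recovery" && $4 == "HD" { print $NF; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: disk where the Lion install created the partition.
sample_with_recovery() {
cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
EOF
}

# Constructed sample: disk where the recovery partition was not created.
sample_without_recovery() {
cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.8 GB   disk0s2
EOF
}

# On a Mac, inspect the real disk; elsewhere fall back to the constructed sample.
if command -v diskutil >/dev/null 2>&1; then
    listing=$(diskutil list)
else
    listing=$(sample_with_recovery)
fi

if id=$(printf '%s\n' "$listing" | find_recovery_partition); then
    echo "Recovery partition found: $id"
else
    echo "No recovery partition: repeat steps 5 and 6 and reinstall before enabling FileVault"
fi
```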