PDA

View Full Version : SuperDuper! with PGP Whole Disk Encryption?


junkw
01-28-2010, 10:09 AM
Hello.

I searched a lot on the subject but I didn't find the answer.

If you can help feel free!

I currently have a MBP with the internal drive wholy encrypted with PGP WDE 10.0.0. What I want is a bootable external hard drive identical in every way to my internal drive (ie. bootable + encrypted). So if my internal drive crashes, I just take the external hard drive off its enclosure, put it in the MBP, power on and everything will be like the original crashed drive ***WITH THE PGP PROMPT AT BOOT***, and including all the files up-to-date.

So my question is : can SuperDuper! do this?

dnanian
01-28-2010, 10:34 AM
SuperDuper! does not currently support PGPWDE 10. They've made some changes to the way the data is stored, and we need to change SD! to support the new files, etc.

It will work with PGPWDE 9, however.

For each, the procedure is pretty simple: you'll erase the destination drive, encrypt the empty drive with PGPWDE, then make a "Backup - all files" with "Smart Update".

But, again, this won't work with PGPWDE 10 until we add support for it (it was released after the release of 2.6.2).

junkw
01-28-2010, 10:44 AM
Ok! But since PGPWDE 9 doesn't support MacOSX 10.6, I cannot use PGPWDE 9. They released 10.0 especially to support 10.6.

If I make a "Backup - all files", will it include boot sectors? I mean, the external disk will be bootable with the PGP prompt?

dnanian
01-28-2010, 11:00 AM
It blesses the drive, which is encrypted, and should prompt at the point that it loads its stuff.

junkw
01-28-2010, 11:07 AM
ok thx! So I think it will fit my needs. Do you plan to add WDE 10 support in the near future ? ;)

dnanian
01-28-2010, 11:32 AM
I don't know when our next release will come out, sorry.

iamgreen
03-20-2010, 01:34 PM
I've been so happy with SD for years and years. I think you should charge something for a version 3 upgrade. However, I NEED PGP Whole Disk Encryption (WDE) v10.0.1 support. Since you were compatible with 9.9, please bring it online soon!

For version 9 from last year, did Smart Update work correctly, or does it copy the whole disk every time?

iamgreen

ok thx! So I think it will fit my needs. Do you plan to add WDE 10 support in the near future ? ;)

dnanian
03-20-2010, 02:10 PM
Smart Update worked fine with PGPWDE9 (and if copied to an encrypted drive with Smart Update, the destination was encrypted and bootable).

PGPWDE10 support is coming in the next update.

DavidCB
05-23-2010, 05:17 PM
For each, the procedure is pretty simple: you'll erase the destination drive, encrypt the empty drive with PGPWDE, then make a "Backup - all files" with "Smart Update".

Just so I understand, does this mean that every PGPWDE backup done with Superduper copies all files, not just new and changed ones, the way Smart Update normally does?

David

dnanian
05-24-2010, 08:58 AM
No. It works just like a normal Smart Update.

hootjr29
10-24-2012, 09:17 AM
Hi Dave or Bruce,

I'm currently running Mountain Lion (10.8.2) and have PGP WDE v10.2.1 MP4 (build 4961) with my internal drive encrypted. In the past, when Superduper! did not support v10, we had to use Carbon Copy Cloner. So even though we purchased 20-30 licenses for all the staff, we were using CCC because it had supported PGP v10. Now that your team has released SD! v2.7.1, does this include support for PGP WDE v10? If so, is there anything special that I will need to do in SD! to eliminate it from backing up the PGPWDE01 and 02 files from the / of my external drive (that is encrypted also) when I do a Smart Backup?

If SD! supports this, we would prefer to use this rather than purchase a new license for CCC in order to do the same thing.

Thanks,
Joe

dnanian
10-24-2012, 09:26 AM
I believe 2.7.1 works fine with PGPWDE, Joe.

hootjr29
10-31-2012, 04:34 PM
Unfortunately, it does not appear to work.

I spent a good amount of time over the last few days working on this. There are 3 other employees here testing this with me. None of us have been successful getting this to work.

I have done the following multiple times to test:
- boot out of a non-PGP iso (mountain lion USB flash drive) and clear the partition table by writing dd's of /dev/zero across about 10G of the external disk
- carve out and format a new filesystem in a new GPT partition
- re-encrypt that disk
- retry a SD! copy of my OS to that newly encrypted partition
- Attempt to boot out of it after it finishes.

I have tried this with SuperDuper! 2.7.1 and also with Carbon Copy Cloner (Version 3.5.1 (1079)). Both products have been unsuccessful :(


My hardware is as follows:
Model Name: MacBook Pro
Model Identifier: MacBookPro10,1
Processor Name: Intel Core i7
Processor Speed: 2.7 GHz
Number of Processors: 1
Total Number of Cores: 4
L2 Cache (per Core): 256 KB
L3 Cache: 8 MB
Memory: 16 GB
Boot ROM Version: MBP101.00EE.B02
SMC Version (system): 2.3f32

and I have an Apple 500G SSD disk as my internal drive (not sure if SSD is different when it comes to creating a SD! copy).

Let me know if you need any other information that would be useful in helping to track down why SD! does not currently properly copy a PGP encrypted OSX Mountain Lion 10.8.2 OS-disk to an external drive that is also PGP encrypted. I am currently using PGP Desktop v10.2.1 MP4, btw.

dnanian
10-31-2012, 05:48 PM
Unfortunately, I don't know why this wouldn't work. Perhaps they've changed the way *they* work? We're preserving the files they asked us to preserve, and everything else is done the standard way.

I'm sorry if it's not working...have you considered using Mountain Lion's native FileVault2 encryption instead? That doesn't require 3rd party drivers and may be an overall better solution given the fact that the OS vendor is supporting it..

hootjr29
11-01-2012, 06:30 AM
We have. The problem we have as an organization with FileVault2 (which would be fine for us if they had the following feature) is that there is no central way to enforce a policy to have the internal drive encrypted. There are also no reports that we can run for auditors to show that all internal disks for all our staff have whole disk encryption on them. PGP offers that. FileVault2 will eventually get there. Google has a project called Cauliflowervest (http://code.google.com/p/cauliflowervest/) which looks promising. But until there is an enterprise grade solution with support to back it, it is unlikely that my company will move to something like that.

...and until then, we are in need of a way to clone our internal drives to an external encrypted disk.

At this point, I'm really not sure what the problem is either.

- Did Apple changed in the hardware (EFI-related, SMC version, etc..)?
- Did Apple change something inside the OS that happens to be looking at locations where PGP has adjusted things?
- Did PGP change something?

I never get anywhere with Apple support, so that is moot. I have an issue opened already with PGP on this. And now I'm also trying to work the support realm at shirtpocket through this forum post.

Will ShirtPocket be planning on helping to resolve this? Is there any other data that I can provide to you to help us figure this thing out?

Thanks,
Joe

dnanian
11-01-2012, 10:43 AM
Is the data accessible and legitimate after the copy? If you copy it to a non-encrypted disk at that point, does it boot?

hootjr29
11-02-2012, 09:32 AM
Is the data accessible and legitimate after the copy? If you copy it to a non-encrypted disk at that point, does it boot?

Yes, I believe it does. I'll try to verify that shortly. So although SD! rsync's may not actually be the problem. Do you have any other thoughts on why the OS won't boot after?

After we use SD! to copy the data over to the PGP encrypted external disk and try to boot, PGP authenticates from the external disk and then start into the kernel boot code (grey mac screen with the apple in the middle). Then after maybe 30 seconds of the little spiny firefoxish progress meter moving we see a circle with a diagonal line through it from the top right to the bottom left (Like a No-booting logo :(.

Have you seen anything similar with FileVault2 boots after a copy?

dnanian
11-02-2012, 09:47 AM
I can only suggest that they're doing something nonstandard in their startup volume. The data is likely fine - perhaps they have a blessing suggestion at PGP (they should work with the standard tools).