PDA

View Full Version : Can't Turn Off Encryption




Carlos-Pr7
Aug 4, 2011, 06:39 AM
I'm trying to turn off encryption in my Time Machine backup, But this error Comes Up. Please Help.



diamond.g
Aug 4, 2011, 07:56 AM
I'm trying to turn off encryption in my Time Machine backup, But this error Comes Up. Please Help.

Can you revert via command line?

Carlos-Pr7
Aug 4, 2011, 08:02 AM
Can you revert via command line?

So sorry, I'm not a very big expert, is Command line an application?

Gen
Aug 4, 2011, 08:16 AM
Try restarting first

Carlos-Pr7
Aug 4, 2011, 08:19 AM
Try restarting first

I Restarted twice

jc1350
Aug 4, 2011, 08:27 AM
First step, with the drive connected and mounted, open terminal.app and type:

diskutil list

then paste all the output so we can see it.

old-wiz
Aug 4, 2011, 09:02 AM
Well... my thinking is that if you set time machine to encrypt, then run a bunch of time machine backups (say a week's worth), then you'd have perhaps 50 gb on the time machine that is encrypted, so in order to turn it off, you would need to somehow un-encrypt all that data and rewrite it.

I'm suspecting that you would have to turn off time machine, erase the TM partition, and start over unencrypted.

Carlos-Pr7
Aug 4, 2011, 09:54 AM
First step, with the drive connected and mounted, open terminal.app and type:

diskutil list

then paste all the output so we can see it.
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *160.0 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_CoreStorage 152.8 GB disk0s2
3: Apple_Boot Recovery HD 792.2 MB disk0s3
4: Apple_CoreStorage 6.2 GB disk0s4
5: Apple_Boot Boot OS X 134.2 MB disk0s5
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFS MACINTOSH HD *152.4 GB disk1
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFSX TimeMachine *5.8 GB disk2
carlos-paiva-raposos-macbook:~ carlospaivaraposo$

Well... my thinking is that if you set time machine to encrypt, then run a bunch of time machine backups (say a week's worth), then you'd have perhaps 50 gb on the time machine that is encrypted, so in order to turn it off, you would need to somehow un-encrypt all that data and rewrite it.

I'm suspecting that you would have to turn off time machine, erase the TM partition, and start over unencrypted.

I Tried to erase the Disk. Could you tell me a way to PERMANETLY DISABLE a disk?

mrapplegate
Aug 4, 2011, 10:09 AM
Try typing diskutil cs list in terminal it will tell if the disk is still being encrypted. It looks like a couple are but we don't know their state. That listing will tell us more.

Carlos-Pr7
Aug 4, 2011, 11:20 AM
Try typing diskutil cs list in terminal it will tell if the disk is still being encrypted. It looks like a couple are but we don't know their state. That listing will tell us more.
carlos-paiva-raposos-macbook:~ carlospaivaraposo$ diskutil cs list
CoreStorage logical volume groups (2 found)
|
+-- Logical Volume Group AD97CE6D-F3D9-431A-B8BC-648662C4F77F
| =========================================================
| Name: MACINTOSH HD
| Sequence: 1
| Free Space: 0 B (0 B)
| |
| +-< Physical Volume D5B4A181-A7B9-4A18-86FF-E312A3E08F6E
| | ----------------------------------------------------
| | Index: 0
| | Disk: disk0s2
| | Status: Online
| | Size: 152753934336 B (152.8 GB)
| |
| +-> Logical Volume Family 3AFEA11B-960E-4609-881B-608663E5B4D9
| ----------------------------------------------------------
| Sequence: 9
| Encryption Status: Unlocked
| Encryption Type: AES-XTS
| Encryption Context: Present
| Conversion Status: Complete
| Has Encrypted Extents: Yes
| Conversion Direction: -none-
| |
| +-> Logical Volume AD7A4A45-6C15-49AD-A0A2-3D71A7CCBECA
| ---------------------------------------------------
| Disk: disk1
| Status: Online
| Sequence: 4
| Size (Total): 152435163136 B (152.4 GB)
| Size (Converted): 152435163136 B (152.4 GB)
| Revertible: Yes (unlock and decryption required)
| LV Name: MACINTOSH HD
| Volume Name: MACINTOSH HD
| Content Hint: Apple_HFS
|
+-- Logical Volume Group 34C1E9FD-2C07-49CB-89FD-4892FF8C6998
=========================================================
Name: Time Machine
Sequence: 1
Free Space: 276824064 B (276.8 MB)
|
+-< Physical Volume 6F4499B3-F859-4A4E-965A-B114DF29F388
| ----------------------------------------------------
| Index: 0
| Disk: disk0s4
| Status: Online
| Size: 6151802880 B (6.2 GB)
|
+-> Logical Volume Family 3DB844AD-FE06-4CA0-9628-9690D8455841
----------------------------------------------------------
Sequence: 2
Encryption Status: Unlocked
Encryption Type: AES-XTS
Encryption Context: Present
Conversion Status: NoConversion
Has Encrypted Extents: Yes
Conversion Direction: -none-
|
+-> Logical Volume 563706D1-8D30-4759-8CB7-DBA844EFCB31
---------------------------------------------------
Disk: disk2
Status: Online
Sequence: 3
Size (Total): 5833031680 B (5.8 GB)
Size (Converted): -none-
Revertible: No
LV Name: TimeMachine
Volume Name: TimeMachine
Content Hint: Apple_HFSX
carlos-paiva-raposos-macbook:~ carlospaivaraposo$

mrapplegate
Aug 4, 2011, 11:51 AM
=========================================================
Name: Time Machine
Sequence: 1
Free Space: 276824064 B (276.8 MB)
|
+-< Physical Volume 6F4499B3-F859-4A4E-965A-B114DF29F388
| ----------------------------------------------------
| Index: 0
| Disk: disk0s4
| Status: Online
| Size: 6151802880 B (6.2 GB)
|
+-> Logical Volume Family 3DB844AD-FE06-4CA0-9628-9690D8455841
----------------------------------------------------------
Sequence: 2
Encryption Status: Unlocked
Encryption Type: AES-XTS
Encryption Context: Present
Conversion Status: NoConversion
Has Encrypted Extents: Yes
Conversion Direction: -none-
|
+-> Logical Volume 563706D1-8D30-4759-8CB7-DBA844EFCB31
---------------------------------------------------
Disk: disk2
Status: Online
Sequence: 3
Size (Total): 5833031680 B (5.8 GB)
Size (Converted): -none-
Revertible: No
LV Name: TimeMachine
Volume Name: TimeMachine
Content Hint: Apple_HFSX
carlos-paiva-raposos-macbook:~ carlospaivaraposo$

You can the use the revert command,
diskutil cs revert disk0s4


If I'm reading the man page correct you should not need a passphrase if you are logged in, but being an external drive you might need to supply that since it is not an internal drive.
The GUI should work, and I have not used terminal with Core Services ( Filevault2), so beware.

Here is the man page info( man diskutil ) Core Services Section:



revert device | lvUUID [-stdinpassphrase] | [-passphrase passphrase] | [-recoverykeychain file]
Convert a CoreStorage logical volume back to its native type. The volume must have been created by means of conversion, e.g. with diskutil coreStorage convert.

If the volume was not created with a passphrase, then simple ownership of the affected disk is required; otherwise, a passphrase must be supplied, either interactively or via one of the parameters.


Backup your backup :-) before trying to decrypt, you might lose data.

jc1350
Aug 4, 2011, 12:30 PM
I don't think Carols can remove filefault 2 without formatting or repartitioning the drive.

Conversion Status: NoConversion (mine has "Complete")

Revertible: No (mine has "Yes (unlock and decryption required)")

Free Space: 276824064 B (276.8 MB) (mine has 0 MB) <-- I believe this is for the Logical Volume Mangement; the LVM should use 100% of the physical disk, then your "disks" are created inside the LVM container. I think this is the root cause of the problem; since the entire disk isn't used for LVM (core storage aka cs in Mac OS), it can't "go back."

I'm going to keep looking as time permits to confirm this.

mrapplegate
Aug 4, 2011, 12:38 PM
I don't think Carols can remove filefault 2 without formatting or repartitioning the drive.

Conversion Status: NoConversion (mine has "Complete")

Revertible: No (mine has "Yes (unlock and decryption required)")

I have a feeling that the problem is that the drive wasn't "converted" - whatever that means in this context. I'll look around as time permits.

Good catch, I just compared to mine. I have what you have. You might be correct, he might not be able to revert. Worth a try before a reformat.

Here is some info from a Mac OX Hint (http://hints.macworld.com/article.php?story=20110721124750102).
Update: Even when you create an encrypted volume with Disk Utility, the encryption can be removed. Just select File => Disable encryption in DU.

But from what I've read in diskutil's manpage, it is only possible to convert Core Storage volumes to normal volumes that were created by converting a normal volume in the first place. So I guess that disabling encryption on a volume that was created by formatting a partition as "Mac OS Extended (journaled, encrypted) will result in an unencrypted Core Storage volume.

I'm trying this right now and will report back when decryption is finished.


I'm trying to turn off encryption in my Time Machine backup, But this error Comes Up. Please Help.

How did you encrypt your TM volume? Disk utility? Command line?

jc1350
Aug 4, 2011, 12:52 PM
Carlos:

If you are going to nuke the drive and start over, you may want to try this first.

diskutil cs convert disk2s1

or to enable encryption (which you already have, but may still need this):
diskutil cs convert disk2s1 --passphrase and you'll be prompted to enter the password.

I personally would try the first one first (without the passphrase since it's already encrypted).

I don't know if this will cause any problems. I did this with a USB flash drive to encrypt it without formatting and had no problems, but since your disk is already encrypted, you are in unknown territory.

If it works and the disk is still encrypted, then you can try diskutil cs revert disk2s1
This will take it back to the native format.

CyBeRino
Aug 4, 2011, 01:06 PM
You can only revert disks that were originally converted from plain-text. If you partioned your disk anew and had it encrypted at that point, decrypting it requires copying the data, formatting it again (this time without encryption) and copying it back.

mrapplegate
Aug 4, 2011, 01:11 PM
You can only revert disks that were originally converted from plain-text. If you partioned your disk anew and had it encrypted at that point, decrypting it requires copying the data, formatting it again (this time without encryption) and copying it back.

I have not used the revert command but it is there for a reason, and the man page says it will , "Convert a CoreStorage logical volume back to its native type. The volume must have been created by means of conversion, e.g. with diskutil coreStorage convert."

so using the GUI or the command line to encrypt, the revert command should not erase the data, but decrypt and leave the drive in the format it started in.

CyBeRino
Aug 4, 2011, 01:15 PM
I have not used the revert command but it is there for a reason, and the man page says it will ,

so using the GUI or the command line to encrypt, the revert command should not erase the data, but decrypt and leave the drive in the format it started in.

Note the language: it will convert it back to its native type. If it was created as a core storage volume, it can't do that because the information required to do so is missing (and there may be some header space issues, too.)

Also it quite explicitly says that the volume you're trying to convert has to have been a non-encrypted volume first, which was then converted by 'diskutil cs convert' (or something that has the exact same effect, such as time machine or filevault converting a disk.)

mrapplegate
Aug 4, 2011, 01:17 PM
Note the language: it will convert it back to its native type. If it was created as a core storage volume, it can't do that because the information required to do so is missing (and there may be some header space issues, too.)

I read that as the native type being Mac OS Extended Journaled, or another format, so it would revert to what it was before the encryption. If Mac OS Extended Journaled before, then Mac OS Extended Journaled
after. I guess someone will have to test on some USB drives what the revert command does.

Yes, it says " The volume must have been created by means of conversion, e.g. with diskutil coreStorage convert", which is exactly what the convert command does. It encrypts the volume. The revert command does the opposite, as long as the volume was created with the CS convert command which an encrypted TM volume would be.

jc1350
Aug 4, 2011, 01:29 PM
CyBeRino is correct. I just played with a spare flash drive.

If the disk is formatted with encryption, there is no "conversion" process since it was done "natively" during the format process. This means the only way remove encryption is to reformat.

If the disk is converted from a regular disk without reformatting or repartitioning, then it can go back to the pre-encryption state.

I'm now curious as to how Carlos encrypted the drive. My Time Machine was converted via the Time Machine applet in system preferences, so mine shows "conversion: complete."

mrapplegate
Aug 4, 2011, 01:33 PM
Interesting. There is something Lion does not like about it. Quickest solution would be for OP to get his data off and start over I guess. Revert or not, I'm sure the OP does not have the time to figure it out. Sometimes easier to start over.

CyBeRino
Aug 4, 2011, 03:40 PM
Yes, it says " The volume must have been created by means of conversion, e.g. with diskutil coreStorage convert", which is exactly what the convert command does. It encrypts the volume. The revert command does the opposite, as long as the volume was created with the CS convert command which an encrypted TM volume would be.

Yes yes, but what you're missing here is the volume in question was not made with the diskutil cs convert command. Therefore it cannot be reverted.

mrapplegate
Aug 4, 2011, 03:43 PM
Yes yes, but what you're missing here is the volume in question was not made with the diskutil cs convert command. Therefore it cannot be reverted.

Oh, my bad, I did not see where the OP stated how he encrypted the volume.

CyBeRino
Aug 4, 2011, 04:02 PM
Oh, my bad, I did not see where the OP stated how he encrypted the volume.

He didn't, but his diskutil cs list output did:


Conversion Status: NoConversion

mrapplegate
Aug 4, 2011, 04:03 PM
He didn't, but the fact it can't be reverted tells us he didn't do it as a conversion.
Or a bug that will be addressed in 10.7.X

CyBeRino
Aug 4, 2011, 05:36 PM
Or a bug that will be addressed in 10.7.X

You posted without me noticing before I edited. The output from diskutil he posted tells us with certainty that didn't happen.

Carlos-Pr7
Aug 4, 2011, 08:56 PM
How did you encrypt your TM volume? Disk utility? Command line?

back in 08, i just installed time machine normally