Bitlocker issues with Windows 8.1

[jpxdude]

Hi All

I've been trying to find a solution to this, but nothing so far. Basically, I am installing Windows 8.1 on a Macbook Air 2013 via Bootcamp (with EFI intact), and I get it setup to our company specifications, however one of our requirements is full disk encryption.

When I enable the C drive to be encrypted (without TPM), it appears to work fine, and also during the process, for some reason the Apple recovery drive appears as a D drive. I have rebooted into Windows fine after entering the Bitlocker password no problem.

From this stage, once I attempt to boot into OSX, it goes straight into Recovery, and I can no longer start Windows, or even OSX for that matter. The only option I get is to trash everything and reinstall OSX again. Frustratingly, I have gone through this process twice, and not sure what to do next. If anyone has any ideas, I would appreciate the help greatly.

Thanks in advance!

-J

 

[jenzjen]

Hi All

I've been trying to find a solution to this, but nothing so far. Basically, I am installing Windows 8.1 on a Macbook Air 2013 via Bootcamp (with EFI intact), and I get it setup to our company specifications, however one of our requirements is full disk encryption.

When I enable the C drive to be encrypted (without TPM), it appears to work fine, and also during the process, for some reason the Apple recovery drive appears as a D drive. I have rebooted into Windows fine after entering the Bitlocker password no problem.

From this stage, once I attempt to boot into OSX, it goes straight into Recovery, and I can no longer start Windows, or even OSX for that matter. The only option I get is to trash everything and reinstall OSX again. Frustratingly, I have gone through this process twice, and not sure what to do next. If anyone has any ideas, I would appreciate the help greatly.

Thanks in advance!

-J

Try encrypting the OSX side first so that any Mac related drives will not be picked up by bit locker.

 

[jpxdude]

Hi Jenzjen

Thanks for the reply! Sounds like a good idea, but a bit weary of trying this again right now after having to go through reinstalling everything 3 times lol...Anyone go through this kind of thing already?

Thanks!

-J

 

[jpxdude]

OK as jenzjen has suggested, I am attempting to encrypt the Mac 100GB partition with FileVault, however it appears to be taking hours :-/ With BitLocker, the encryption is usually set in minutes. Any idea what the average time to do a FileVault encryption is? Cheers!

 

[jenzjen]

OK as jenzjen has suggested, I am attempting to encrypt the Mac 100GB partition with FileVault, however it appears to be taking hours :-/ With BitLocker, the encryption is usually set in minutes. Any idea what the average time to do a FileVault encryption is? Cheers!

Different machines but think FileVault took under 20 minutes on +200gb on a nMP, think about 35 minutes on +400gb for a rMBP

 

[jpxdude]

Thanks again for the reply jenzjen!

I have done what you suggested, encrypting with FileVault, then following up with Bitlocker afterwards, and it looked promising...however, I can now access the OSX side, but can't access the Windows partition side at all. Not sure what to do next, as it seems that I may need to format the partition and start over again Thanks again for your help!

-J

 

[jenzjen]

Thanks again for the reply jenzjen!

I have done what you suggested, encrypting with FileVault, then following up with Bitlocker afterwards, and it looked promising...however, I can now access the OSX side, but can't access the Windows partition side at all. Not sure what to do next, as it seems that I may need to format the partition and start over again Thanks again for your help!

-J

What do you mean you can't access the Windows side? Option boot and you can't see a Windows volume? We have filevalut and bitlocker on a few machines with Windows in boot camp and haven't had any issue with either OS (the only you can no longer do is access the other OS partition from the current OS, i.e. look at Mac files while running Windows).

 

[jpxdude]

What do you mean you can't access the Windows side? Option boot and you can't see a Windows volume? We have filevalut and bitlocker on a few machines with Windows in boot camp and haven't had any issue with either OS (the only you can no longer do is access the other OS partition from the current OS, i.e. look at Mac files while running Windows).

Yep, option boot doesn't show Windows side, Startup Disk Selector doesn't show Windows side, and neither does Recovery startup. At the moment it is impossible to boot back into my bitlocker encrypted Windows 8.1 partition.

In Disk Utility, you can see the drive there, but it's locked with Bitlocker. I understand that this may work on other Macs, but from what I understand, MacBook Air 2013's are the first that boot Windows using UEFI on GPT, so maybe that is the issue? Not sure what to do next, but this is further than I've got as prior to encrypting OSX with FileVault, my installation would crash into OSX Recovery only. Now at least it's only stuck in the OSX partition...

 

[jenzjen]

Strange, we have the same setup on late 2013 rMBP and late 2013 MP and have no problem switching between Win and OSX. I'm not on our machines, but I do recall that the software switchers may not show the other volume but option booting still works.

I will try to see if I can try it tonight to see what we did differently.

 

[jenzjen]

When I enable the C drive to be encrypted (without TPM), it appears to work fine, and also during the process, for some reason the Apple recovery drive appears as a D drive. I have rebooted into Windows fine after entering the Bitlocker password no problem.

I might owe you an apology, think I might have it reversed it. Now think I fully encrypted Windows first then went back to OSX filevault.

I was thrown off by your mention of an error by bitlocking first, but the partition you saw may have been the new Windows partition that bitlocker creates as part of its own process?

I recall my thinking being if bitlocker is going to mess around with disk partitions, I want the disk as accessible as possible so left Mac encryption as my last step once bitlocker was running fine.

If it was in fact the OSX recovery partition that was bitlocked, that I do not understand.

But as silver lining, I know it does work on other 2013 machines so hopefully your MBA will work as well.

Related, I presume you've already executed the TPM hack?
http://www.7tutorials.com/how-enable-bitlocker-without-tpm-chip-windows-7-windows-8

 

[jpxdude]

Hi jenzjen

Thanks for your help with this, unfortunately still facing the same problem, so we decided to virtualise the Windows installation via Parallels, which fortunately has it's own virtual encryption as well.

Not the most ideal solution, but it's generally working for what we need until something can be figured out (we have one machine out of the 16 deployed to play with still!).

Thanks again!

-J

 

[jenzjen]

I may have to secure another rMBP, will post back what worked for me

 

[jenzjen]

No hitches on another late 2013 rMBP, ran bitlocker on Win first then fv on OSX.

In Win, I can see the OSX as a startup disk choice in boot camp control panel, but I cannot see Win as a startup disk in OSX system preferences. Option boot to either OS works, so it doesn't matter.

Not sure why your install grabbed the recovery partition. I did choose to bitlock 'used space' (not entire disk) so maybe that's the issue?

 

[jenzjen]

Unfortunate update, ran prior steps on another nMP and now stuck in OPs situation, OSX can't be found beyond the recovery partition. The partition itself is still there but it now reads as a 'windows' partition when you click the boot camp icon and doesn't appear when I option boot.

Maybe this is a coin flip, sometimes it works and other times it doesn't. The only notable difference is earlier, we encrypted both OSs on fresh machines while here we tried on a machine that had been in service for about a month.

 

[Gjwilly]

Does any of this help?
http://joeraff.org/20131010/how-to-...aneously-on-a-dual-boot-mac-running-bootcamp/

 

[jenzjen]

Does any of this help?
http://joeraff.org/20131010/how-to-...aneously-on-a-dual-boot-mac-running-bootcamp/

good resource, seems like it will work but will spend a little longer trying to figure out why it worked before with no 'manual' steps at all

 

[jenzjen]

More strange stuff. I can't explain why, but it seems like the order of encrypting doesn't matter but it does seem to go haywire if you do it on a machine that's been used for a bit.

My earlier posts were based on a fresh machine, we ran bitlocker then fv with no issue

Today, on a fresh machine, we ran fv then bitlocker with no issue

The issue was yesterday, we tried encrypting on an in-service machine

So, short story, it can work fine with both bitlocker and fv on a fresh machine. Perhaps that link is necessary for an in service machine?

 

[jenzjen]

Last update for those interested, confirmed on 2nd machine that opposite steps worked (ran fv first then bitlocker, this is the same machine where we used bitlocker first then fv originally)

this was also a fresh machine, both OSs were clean installed

no special terminal commands or anything needed and now have both OSs encrypted

 

[MacProCard]

Strange, we have the same setup on late 2013 rMBP and late 2013 MP and have no problem switching between Win and OSX. I'm not on our machines, but I do recall that the software switchers may not show the other volume but option booting still works.

I will try to see if I can try it tonight to see what we did differently.

Once you get both drives encrypted, the only way I've found to boot into the other is with holding the option ket and selecting the drive.

 

[MacProCard]

Last update for those interested, confirmed on 2nd machine that opposite steps worked (ran fv first then bitlocker, this is the same machine where we used bitlocker first then fv originally)

this was also a fresh machine, both OSs were clean installed

no special terminal commands or anything needed and now have both OSs encrypted

Using New Mac Pro Late 2013 with 6core, 64ram(after market), 1tb, dual 700, 2 -27 inch thunderbolt display and installing 8.1 pro.

If you encrypt the windows HD first with bitlocker then it will resize and blow away your mac partition. The only Hard drive left to select during option key boot up will be the windows install. The Mac OS will need to be reinstalled or time machined.

However, if you use filevault first to encrypt your OS drive then bitlocker won't be able to resize your mac partition, thus leaving it intact. Then install bitlocker with no problems.

Once again. The only way I've found to boot into the other encrypted drive is to hold the option key during boot and select the OS drive you want to boot from. The bootcamp shell/ startup disk can no longer find the encrypted drives.

What a complete b this was to do but glad I got it working.