Search

Help & Support / Enterprise Whole Disk Encryption / Self-encrypting Drive Recovery - Mac

Enterprise Whole Disk Encryption

Self-encrypting Drive Recovery - Mac

You will need:

• A USB flash drive that can be formatted and dedicated to this task.
• The SED recovery tool for Mac image file, downloaded from the following location: https://webdav.austin.utexas.edu/ewde/! SecureDoc Tools/SED Recovery - Mac.
• Exported hardware recovery files for the device (DBK and ENC), from the SecureDoc console.

Create a bootable recovery tool from the DMG file

1. From any Mac O/S device, open Terminal and run the following commands:
   diskutil unmountDisk /dev/disk1 where "disk1" refers to the target USB media. To verify which disk is the target USB media run the "mount" command in terminal to list current disks.

2. Run the following command:
   dd if=sdemgdsk.dmg of=/dev/disk1 where “if” is the path to the image file

3. When the process completes successfully there will be two partitions on the USB media, one hidden and one visible (SDFAT). Copy the exported Hardware Encryption Data (DBK and ENC files) to the root of the SDFAT partition.

4. Insert the USB media into the Mac device to be recovered and power it on.

5. Hold the Option (Alt) key when the Mac posts and select recovery USB media as the boot device.

6. Type "Yes" to run the SecureDoc Recovery tool

The following information will be displayed:

Print SED device info
Device Model: XXXX
Drive serial number: XXXX
Drive firmware Revision: XXXX
Drive Flags/state: indicate status of the drive

Note: Regarding status of the drive, 0x0/0x0 indicates factory default, i.e. not managed, and 0x1/0x101 indicates encrypted and locked.

Before proceeding, be sure that the option chosen is appropriate for the desired purpose:

• Type "t" to Decrypt the SED device. The FDE card will be removed, unlocking the drive and providing unrestricted access to its contents.

  Note: This command does not delete data and does not uninstall SecureDoc . Data may be recovered from the drive and then a new image applied.

• Type "z" to Crypto-erase the SED device. The drive will be returned to its factory state. All data will be lost.

Last updated July 31, 2012 @ 11:22 am

We Can Help

Get help from an expert at the ITS Help Desk!

* Call us at 512-475-9400

* Live chat is not available at this time

* Submit a help request online

We also have a walk-in service in the first floor lobby of the Flawn Academic Center (FAC). Stop by and let us help you!

Related Support Topics

• Getting Your Department Set Up to Use Enterprise Whole Disk Encryption
• Approved Encryption Methods for UT Austin Portable Devices
• What is SecureDoc?
• What kind of protection does SecureDoc provide?
• Does SecureDoc encryption remain on files after they are moved from my local hard drive?
• More Related Articles >