Running OS X Lion with FileVault, and Windows 7 with BitLocker


Goal: On my MacBook Pro 13 (mid-2010), I want to run both OS X Lion with FileVault protection, and Windows 7 64-bit (Boot Camp) with BitLocker protection.

Dilemma: Limit of four primary partitions.

Story: I have this 13-inch MacBook Pro (mid-2010) which I rarely used. Several months ago I upgraded its hard drive to a Seagate Momentus XT 500GB, and just recently I loaded Windows 7 through Boot Camp. I was impressed with how well Windows 7 ran on the system, and I was even playing fairly recent games at high graphics quality. I decided that I wanted to secure the hard drive data in case I bring the laptop with me when I go on trips. "No problem", I thought. Both Windows 7 and OS X Lion have drive encryption features. I first attempted to enable BitLocker in Windows, and realized that the MacBook didn't have a TPM chip. No big deal though - I'll just enable BitLocker and use a USB drive for authentication. The next issue I ran into was that BitLocker required a separate boot partition, and with a Boot Camp install, Windows loads everything in one partition.

OS X Lion uses three partitions - an EFI partition, the OS X partition, and a recovery partition. "Hmm, I don't really need that recovery partition", I thought. So I removed the recovery partition, enabled BitLocker, and all was well on the Windows side. I was impressed that I didn't really notice any speed difference with BitLocker enabled.

Next step: Enable FileVault. Only problem: Apparently FileVault requires that OS X recovery partition. So now I have a dilemma. I can only encrypt one OS or the other since OS X uses three partitions if you use FileVault, and Windows 7 uses two partitions if you use BitLocker.

Theoretical workarounds: I wonder if I could somehow get Windows 7's two partitions inside of an extended partition. Windows 7 doesn't allow you to install it like this since a logical partition can't be marked as active. But perhaps I could image them into logical partitions, and maybe it could still boot since it's being selected from the OS X boot menu.

Another idea is to have the Windows 7 boot partition on a USB drive (since I need the USB drive for BitLocker anyways). But this does not look promising since I have a USB drive with WinPE on it, and it does not show up in the Apple boot menu.

Any suggestions on this would be appreciated. I know some might suggest using virtualization for Windows, but that's not a good solution if you intend to do some gaming in Windows. Some might suggest using TrueCrypt for the Windows partition. I tried that, but it apparently doesn't work with Boot Camp.

Don't Macs come with the GPT partition table? You can just set the two windoze partitions as "mbr" primary partitions and the OSX ones (including the EFI partition) as GPT primary ones.

Don't Macs come with the GPT partition table? You can just set the two windoze partitions as "mbr" primary partitions and the OSX ones (including the EFI partition) as GPT primary ones.

The problem here is that when you boot up through Boot Camp, the OS sees the drive as having an MBR partition table. So to Windows, the OS X partitions count as the first three, and you are left with one available.

It's starting to look like this project may be a failure. I tried gathering an image of the Windows boot partition, then recreating it as a logical partition. But that would not show up on the Apple boot menu.

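The slot arithmetic from the reply above, as an added example that is not part of the original thread: a Boot Camp disk carries a hybrid MBR next to the GPT, and Windows counts only the four MBR entries. The sector contents, partition sizes and helper names below are constructed for illustration.

```python
import struct

# Well-known MBR type bytes (general knowledge, not taken from the thread).
TYPES = {0x07: "NTFS", 0xAB: "Apple boot/recovery", 0xAF: "HFS+",
         0xEE: "GPT protective/EFI"}
ENTRY = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA, sectors

def parse_mbr(sector: bytes):
    """Return the non-empty primary entries from a 512-byte sector 0."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * slot)
        if ptype:
            entries.append({"slot": slot + 1, "active": status == 0x80,
                            "name": TYPES.get(ptype, hex(ptype)),
                            "type": ptype, "start": lba, "sectors": count})
    return entries

def summarize(entries):
    """Report whether the table is a hybrid MBR and how many slots remain."""
    types = [e["type"] for e in entries]
    return {"hybrid": 0xEE in types and any(t != 0xEE for t in types),
            "free_slots": 4 - len(entries),
            "active": [e["slot"] for e in entries if e["active"]]}

def build_sector(layout):
    """Constructed sector 0; layout rows are (type, active, start_lba, sectors)."""
    sector = bytearray(512)
    for i, (ptype, active, start, count) in enumerate(layout):
        struct.pack_into(ENTRY, sector, 446 + 16 * i,
                         0x80 if active else 0, ptype, start, count)
    sector[510:] = b"\x55\xaa"
    return bytes(sector)

# Constructed layouts (sizes invented): Lion with its recovery partition plus
# one Boot Camp volume, and the same disk after the recovery partition is
# dropped to make room for BitLocker's separate boot partition.
LION_BOOTCAMP = [(0xEE, False, 1, 409639), (0xAF, False, 409640, 700000000),
                 (0xAB, False, 700409640, 1269536), (0x07, True, 701679616, 275000000)]
NO_RECOVERY = [(0xEE, False, 1, 409639), (0xAF, False, 409640, 701269536),
               (0x07, True, 701679616, 204800), (0x07, False, 701884416, 274795200)]

if __name__ == "__main__":
    for name, layout in (("Lion + Boot Camp", LION_BOOTCAMP), ("no recovery", NO_RECOVERY)):
        entries = parse_mbr(build_sector(layout))
        print(name, summarize(entries), [e["name"] for e in entries])
```

Both layouts report zero free slots, so the recovery partition FileVault needs and the boot partition BitLocker needs cannot both hold an MBR entry at the same time.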

  • 1 year later...

Don't Macs come with the GPT partition table? You can just set the two windoze partitions as "mbr" primary partitions and the OSX ones (including the EFI partition) as GPT primary ones.

http://tumblr.tguum.kr/post/9709394290/enabling-bitlocker-with-osx-lions-filevault-activated

^^ the English is rough, and it is presented in a difficult way to understand besides.

It appears possibly this guy is manually editing the Hybrid MBR to effect the suggested fix (using GPT for Mac OS FileVault/boot and MBR for Windows BitLocker/boot).

Can anyone read that post?

-Matt

I have no way of contributing to this thread, other than saying that this sounds like encrypt-ception.


This topic is now closed to further replies.