My Apple iMac started to behave weird, with some Kernel Panics, grey screens and general crashes. While I was going through this I was pretty sure it wouldn’t hurt me as I had a TimeMachine for continuous backups. How wrong could I be!
After my Mac really crashed and my TimeMachine proved to be rubbish, I still managed to open the encrypted harddisk and made some backups by hand. I consider this quite a neat trick, so let me explain and perhaps save your day as well.
(updated with extra info)
Apple introduced a pretty strong disk encryption algorithm straight into OSX Lion. As a concerned person with security, I enabled this option. A TimeMachine is a pretty decent backup device, which has saved me a couple of times already. But this time was different. When I started to get Kernel Panics from OSX, it somehow trashed the TimeMachine as well. It requested a full backup after a couple of days. I thought about it, but decided ‘what could be wrong about a fresh backup?’ But around the backup my Mac started to crash so frequently and wouldn’t fire up at all for most of the times.
So with my old MacMini I tried to see what was there. I was able to mount the TimeMachine disk and saw only a ‘Partial’ bundle. I managed to browse it (open package) and found a partly backup. My last backup-backup to my QNAP NAS was around June. So all in all I missed some important documents and photos from the last half year. I was not yet ready to give up digging and found a neat little trick to get a full backup!
My Mac did boot in ‘Repair Mode’ (Option-R during boot) and I could fiddle a little around with the repair tools. They worked fine, but a TimeMachine recovery did not work obviously and Terminal only saw a locked disk. Disk Repair utility fixed my disk and said all was well. Well, it wasn’t as in normal mode it would still hang or panic.
Then suddenly I saw the option to select a boot device! I could select my iMacHDD boot device and it asked for a password to look inside the device to see if it was bootable. So I entered my password and after some time it told me it was ready for a reboot. I denied and went back to the recovery tools!
This time the locked FileVault had been mounted and I was able to use Terminal to see the devices content through the command line! It seemed I was saved, as all documents and files seemed to be accessible in /Volumes/iMacHDD/Users !!
I mounted an empty USB device and copied as much as I could to this disk. It is not fast. It takes some proper planning (do not forget to browse the ~/Library) and some files are useless, but the disk is in read-only, so I opened another bash terminal (!) and deleted some files from the USB drive as soon as they were copied over (like Parallels disks, which I do not care too much about).
I am currently copying this backup to my RAIDed NAS and will fetch some more data from my iMac. But most important Pictures and Documents seem to be save.
So: choose boot device, let it mount after you entered the password, go back to repair tools and use your command line magic!
I consider myself quite lucky to be able to come up with this scenario and work through the motions.
And yes, I will make more secondairy backups from now on and only partially trust my TimeMachine.
UPDATE
While I am typing this, my iMac is back alive. In the end is was all related to a faulty RAM unit.
I bought a new large USB drive and formatted it with the DiskRepair tool during recovery. I formatted it with Apple’s filesystem HFS. My previous copying had deleted or scrambled most filedates. This time the disk was large enough to copy the entire disk. I used ditto this time as well.
In the mean time I was also able to mount my QNAP NAS over the network. Cifs did not work, and the command mount never worked, but /sbin/mount_afp worked fine (and my QNAP supports afp as well after a tick in the appropriate box).
I was able to do a full recovery during the reinstall of Lion from this my new USB disk. Apple has developed real nice software for this… if it works 😉
