
Using USB for Bitlocker in a Bootcamp install of Windows 7 x64 Ultimate on early-2011 Macbook Pro

2854 Views 13 Replies Latest reply: Dec 10, 2012 10:57 AM by captaincrash7
soletan
Mar 3, 2012 5:08 AM

First of all some details on my current setup:


Macbook Pro 15" (early 2011) with an i7 QM processor and 8 GB RAM, Superdrive and HD installed

Mac OS X 10.7.3

Windows 7 x64 Ultimate in a Bootcamp setup

Existing partitions on HD are EFI, MacOS X, Bitlocker Startup, Windows


I removed "Recovery HD" after creating DVD image contained in latest Lion installer from AppStore.


What I got so far:

It took some time to find a way for Windows getting a second partition to be used for Bitlocker startup files. Using existing partition layout I replaced previously existing "Recovery HD" partition for Bitlocker partition in Windows (after taking dd-based image of Recovery HD).


Recently I tried to enable Bitlocker and continued to fail on Bitlocker System Check claiming to have no access on USB while booting. And that's my issue ...


I read about using Windows' diskpart to have a GPT partitioned USB stick containing single NTFS partition. I tried to achieve the same with disk management in Mac OS X though it was creating a hybrid MBR/GPT setup that wasn't recognized by Windows at all. Then I tried partitioning in Mac OS X to have GPT partitioning, used Clonezilla Live CD's gdisk to apply hybrid setup another time. I even tried to do the whole partitioning in Linux using gdisk, but Windows still didn't recognize the formatted partition on USB stick then. So, the only way found is using diskpart in Windows to get a GPT-based USB-stick with a single NTFS partition.


I put my startup key there (attributed as hidden, system file) and tried to restart several times. On every boot Windows is prompting for inserting valid startup key as it wasn't found. The partition is encrypted already and entering the printed 48-digit recovery key gets me in every time.


If I keep the stick inserted the boot is noticeably delayed, but it's instantly continuing as soon as I unplug the stick. So there is something processing the stick ... I tried different sticks, but hope it's not related to using one special stick since they are used to support similar (equivalent) interfaces, aren't they?


Don't tell me about using TrueCrypt or similar as I prefer to use existing software instead of adding 3rd-party software doing things the same way. And for TrueCrypt USB must be readable at boot as well. And previous trials with different approaches rendered all failing at some point of setup. Finally, I don't want to reinstall existing Windows as it keeps me from working even more.


Found some post regarding trouble with Lion installations (e.g. I can't use rEFIt ... it simply didn't show up and this seems to be related to using Lion), found the KB article of Apple on preparing USB external storage for use at boot, but all troubleshooting hints didn't help.


What the heck is wrong with this setup?


EDIT: There is no problem to have Bootcamp starting previous Recovery HD partition now Bitlocker startup partition instead of originally prepared Bootcamp partition, which is encrypted now. This is in contradiction to other posts here. I'm sure Apple support isn't best choice to ask for support as this problem is MS specific and thus Apple won't care that much ...

MacBook Pro (15-inch Early 2011), Mac OS X (10.7.3), Superdrive, HD
  • Shootist007 Level 6 (16,640 points)

    Why not just use a Windows Notebook PC? If you run Windows as your main system and need to use BitLocker for security that would be the simple solution to all your problems.

    Not sure why you even bought a Mac.

    Seems kind of foolish and a waste of money, IMHO.


    Oh and now comes "But Macs are built better". Not true at all.


    Good Luck.

  • The hatter Level 9 (58,535 points)

    I don't think I have seen a happy Bitlocker thread, though maybe someone solved their issues and didn't come back to close out the thread. Those tended to be using Enterprise but that is probably minor.


    most 'hits' look like dead-end rabbit hole rather than answers.... but:



    Just noticed in the release notes that Carbon Copy Cloner will clone the Lion Recovery volume if needed.


    Windows support, and more motherboards supporting UEFI should make it easier?


    Along with EFI, which there is/was one for each HFS volume, there is of course the main GPT (which has the MBR protective layer and which Apple probably makes active but is there for XP and older/foreign OS to prevent them from over-writing a disk drive).


    I use GPT even for data drives in Windows rather than MBR.


    Windows tends to not have the necessary fan control from the sensors which to me is a real issue that has not been addressed. But the popularity and price of the MacBook line and of the Air in particular has meant a lot of people using them for linux only and Windows.
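
As an added example (not part of any post in this thread), the protective versus hybrid MBR layouts discussed in the posts above can be told apart by reading the four partition entries in a disk's first 512-byte sector. The sample sectors and their partition sizes are constructed for illustration, and the helper names are hypothetical.

```python
import struct

SECTOR = 512
GPT_PROTECTIVE = 0xEE  # MBR type byte that marks "this disk is GPT"

def parse_mbr(sector: bytes) -> list:
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot:462 + 16 * slot]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # type 0x00 means the slot is unused
            entries.append({"slot": slot, "active": raw[0] == 0x80,
                            "type": raw[4], "lba_start": lba_start,
                            "sectors": count})
    return entries

def classify(sector: bytes) -> str:
    """'protective', 'hybrid', 'mbr' or 'empty' for a first sector."""
    types = [e["type"] for e in parse_mbr(sector)]
    if not types:
        return "empty"
    if types == [GPT_PROTECTIVE]:
        return "protective"   # plain GPT disk, as a GPT-only tool writes it
    if GPT_PROTECTIVE in types:
        return "hybrid"       # 0xEE plus ordinary entries mirrored from GPT
    return "mbr"

def build_sector(entries) -> bytes:
    """Build a constructed sample sector from (active, type, lba, count)."""
    sector = bytearray(SECTOR)
    for slot, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * slot,
                         0x80 if active else 0, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed samples, not read from any real disk.
PROTECTIVE = build_sector([(False, 0xEE, 1, 0xFFFFFFFF)])
HYBRID = build_sector([(False, 0xEE, 1, 409639),           # covers the EFI partition
                       (False, 0xAF, 409640, 400000000),   # HFS+ (Mac OS X)
                       (False, 0x07, 400409640, 2000000),  # NTFS, startup files
                       (True, 0x07, 402409640, 80000000)]) # NTFS, Windows

if __name__ == "__main__":
    for name, s in (("protective", PROTECTIVE), ("hybrid", HYBRID)):
        print(name, classify(s), [hex(e["type"]) for e in parse_mbr(s)])
```

To check a real USB stick or disk, pass the first 512 bytes of the raw device (read with administrator rights) to `classify` instead of the constructed samples.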

  • captaincrash7

    I think the issue is that a number of MB Pros (mine for example; Mid 2010 17") present all of their USB ports via a built in hub, and the Bitlocker bootloader simply can't find the flash drive as it doesn't have a hub device driver.


    You can see whether your model has an internal hub in device manager by selecting View, Devices by Connection and then drilling down to ACPI x64-based PC, PCI Bus, Intel (some series) USB Enhanced Host Controller. I bet if your device is attached directly to the USB Root Hub you are good to go. My model however has a Generic USB Hub underneath both of the USB Root Hubs presented by the host controller.


    I'm going to take a look at the bootloader and see if anything can be done, but I'm not hopeful!

  • Csound1 Level 7 (32,300 points)

    The only way I have ever managed to use BitLocker on a Mac was to repartition the drive to 1 and then do a native install of Windows, this I do on MBA's for some clients who prefer to look cool but actually want Windows. It works extremely well but no Mac operating system onboard (you can still boot Lion from an external if you need to). Same goes for Truecrypt (which I actually prefer to BitLocker), but that's another thing.

  • Csound1 Level 7 (32,300 points)

    soletan wrote:


    @csound: Using Bitlocker isn't actually requiring to drop Mac OS X. With Lion OS X installs it's basically about dropping the Recovery HD partition just to use it for Bitlocker's unencrypted bootup part. In addition I still believe using customized hybrid GPT/MBR setups it should be possible to even keep both OSX and Recovery HD partitions next to 2 Windows partitions (for Windows and Bitlocker/TrueCrypt) by dropping opportunity to access Mac OS X drive from Windows. This can be achieved by grouping both OSX-related partitions in a single "GPT locked" partition appearing as one of four partitions in MBR (instead of two partitions - one is Win-readable OS X and one is Win-hidden Recovery HD). This enables to have two separate partitions in Windows, but I think this fixation of partition setup should be done after running Bootcamp Assistant, but prior to installing Windows actually.


    In my case I simply couldn't test that much since I had to find solution without requiring re-installation of either system.

    I have tried that method, it failed more often than it worked and took up far too much of my time to get working, as these clients wanted encrypted Windows installations and did not use OSX there was no point in making it harder than it was.


    Have you tried what you state in your post? I see a lot of 'I believes' 'I think' and 'shoulds'

  • captaincrash7 Level 1 (0 points)

    @soletan; same, EFI can detect the usb key no problem, but it's the Bitlocker boot loader that can't access a device on a downstream hub I think. The Bitlocker bootloader has been demonstrated capable of reading a USB key in both GPT or MBR disk with other h/ware, however I would guess it wouldn't pick up the key if it was plugged in via a hub to those platforms either.


    I've got refit working fine but I'm not using Lion. I'm currently exploring using DiskCryptor which can use a USB Key, but as an EFI boot device that bootstraps windows (which we know will work), opposed to Bitlocker using it its own pre-os driver.

  • captaincrash7 Level 1 (0 points)

    Just a quick update, no change in Windows 8 RTM (wasn't hopeful but thought I would try). I'll continue to use a password!

