
Partition Strategy for Bitlocker

2809 Views 11 Replies Latest reply: Aug 29, 2013 12:57 AM by ItIsJustMe
ItIsJustMe
Aug 17, 2013 2:30 PM

This conversation was started over here: https://discussions.apple.com/message/22752994#22752994.

 

I run bootcamp and Parallels (the latter using the bootcamp installation as the guest OS) on a 15" rMBP with 256GB SSD.  I use Win8 as the guest OS and Mountain Lion on the host.  I have been trying to enable bitlocker in the guest OS and when I attempt to create another partition (required with bitlocker on a system drive) using the Win8 command:

 

BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500 -quiet -restart

 

I receive the error:

 

Disk already has the maximum number of primary and extended partitions. Use the '-driveinfo' command for a list of valid target drives.

 

This of course is related to the issue originally noted in this thread about hybrid MBR, as I already have all four allowed partitions.  It looks like there may be a way around this using some of the techniques described in this thread; however, rather than creating another partition visible to OSX (which is what OP did), I want to create two partitions visible to Win8.  Would someone be so kind as to walk through how I would accomplish that?

 

Thank you!

 

In hopes of increasing the Google-ability of this thread for future people with this issue, Bitlocker Drive Encryption returns the message "Bitlocker Setup could not find a target system drive.  You may need to manually prepare your drive for Bitlocker."  The Event Log contains the following errors in the Bitlocker-DrivePreparationTool log:

 

Error Code: 0xC0A00007

Error Text: BitLocker Setup could not find a target system drive. You may need to manually prepare your drive for BitLocker.

 

and

 

A volume failed to meet the requirements for a target volume.

Volume Name: \\?\GLOBALROOT\Device\HarddiskVolume4

Reason: The system drive cannot be used for the merge operation.

  • Christopher Murphy Level 2 (470 points)
    Aug 17, 2013 4:02 PM (in response to ItIsJustMe)

    GPT 2 is Core storage, presumably using Filevault 2, so GPT 3, Recovery HD is required and can't be deleted.

     

    So after the obligatory backing up you need to do first, the next step after that is you need to resize this NTFS volume (GPT 4). What utility you use will determine which partition map will be correct, so you have to know these things or you'll experience data loss. Doing it in Windows will change the MBR, so the MBR will show the correct start and end LBA for the Windows partition, the GPT will not. Doing it in OS X will first require a utility that can resize NTFS like building NTFS-3G with Macports, and this will only update the GPT. The MBR will no longer be valid.

     

    The other alternatives are to use a Linux Live CD/DVD that has NTFS-3G tools already built and installed, and use something like gparted to resize. Or buy a 3rd party utility like Camptune, iPartition, or WinClone.

     

    You'll have to check Bitlocker documentation as to how big this unencrypted volume needs to be, and if it needs a unique partition type code, and what that is.

  • Christopher Murphy Level 2 (470 points)
    Aug 17, 2013 4:06 PM (in response to Christopher Murphy)

    If you use a Linux Live CD/DVD and gparted that'll probably modify the GPT. The only way to be certain is to output the MBR and GPT before you start and then see which changes.

     

    If you use the listed 3rd party (not free) products, they will correctly modify the GPT and MBR.
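
Added example, not part of the original posts: the before/after comparison suggested above, in Python, reading the hybrid MBR and the primary GPT from a raw copy of the disk's first sectors and reporting which map a resize rewrote and which MBR entries no longer match the GPT. It assumes 512-byte sectors and does not validate GPT CRCs; the layout, type codes and LBAs are constructed, and `build_image` is a hypothetical helper that fabricates the sample disk.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

def read_mbr(img):
    """Non-empty MBR slots as (type, first_lba, last_lba)."""
    if img[510:512] != b"\x55\xaa":
        raise ValueError("missing MBR boot signature")
    slots = [struct.unpack_from("<4xB3xII", img, 446 + 16 * i) for i in range(4)]
    return [(t, s, s + n - 1) for t, s, n in slots if t and n]

def read_gpt(img):
    """Used primary-GPT entries as (first_lba, last_lba); CRCs are not checked."""
    if img[SECTOR:SECTOR + 8] != b"EFI PART":
        raise ValueError("missing GPT header signature")
    entries_lba, count, size = struct.unpack_from("<QII", img, SECTOR + 72)
    offs = [entries_lba * SECTOR + i * size for i in range(count)]
    used = [o for o in offs if img[o:o + 16] != bytes(16)]  # zero type GUID = unused
    return [struct.unpack_from("<QQ", img, o + 32) for o in used]

def changed_maps(before, after):
    """Which partition map(s) differ between two snapshots of the same disk."""
    readers = (("MBR", read_mbr), ("GPT", read_gpt))
    return [name for name, read in readers if read(before) != read(after)]

def stale_mbr_entries(img):
    """Hybrid-MBR entries (0xEE protective slot aside) with no identical GPT extent."""
    gpt = set(read_gpt(img))
    return [p for p in read_mbr(img) if p[0] != 0xEE and p[1:] not in gpt]

def build_image(mbr_parts, gpt_parts):
    """Hypothetical helper: constructed disk with MBR, GPT header, entries at LBA 2."""
    img = bytearray(34 * SECTOR)
    for i, (ptype, first, last) in enumerate(mbr_parts):
        struct.pack_into("<4xB3xII", img, 446 + 16 * i, ptype, first, last - first + 1)
    img[510:512] = b"\x55\xaa"
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", img, SECTOR + 72, 2, 128, 128)
    for i, (first, last) in enumerate(gpt_parts):
        struct.pack_into("<16s16xQQ", img, 2 * SECTOR + 128 * i, b"\x01" * 16, first, last)
    return bytes(img)

# Constructed layout: EFI, Core Storage, Recovery HD, NTFS (all LBAs made up).
GPT = [(40, 409639), (409640, 3000000), (3000001, 4269000), (4269001, 9000000)]
MBR = [(0xEE, 1, 409639), (0xAF, 409640, 3000000),
       (0xAB, 3000001, 4269000), (0x07, 4269001, 9000000)]
BEFORE = build_image(MBR, GPT)
# NTFS shrunk by a tool that rewrote only the MBR entry.
AFTER = build_image(MBR[:3] + [(0x07, 4269001, 8000000)], GPT)
print(changed_maps(BEFORE, AFTER), stale_mbr_entries(AFTER))
```

On the constructed pair this reports that only the MBR changed and that the NTFS entry in the MBR no longer matches any GPT extent, which is the mismatch to reconcile before relying on either map.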

  • Rudegar Level 6 (18,420 points)
    Aug 18, 2013 1:41 PM (in response to ItIsJustMe)

    If you don't have really, really secret stuff or are an agent, then don't use these things; if your system crashes you lose everything.

    If you don't, you can always put the HD in an ext box and save your data.

  • Christopher Murphy Level 2 (470 points)
    Aug 18, 2013 5:14 PM (in response to ItIsJustMe)

    Another option is to convert the disk to MBR only. This has two consequences: the disk can't be larger than 2.2TB or remaining space won't be usable; firmware updates won't be possible as the EFI System partition is needed to stage firmware updates. Otherwise, OS X can boot from MBR only disks. Such a disk would have OS X on the first partition and Recovery HD on the 2nd partition, leaving two primary partitions for other OS's. You could boot OS X off a different disk that uses GPT and has an EFI System partition, should you need to apply firmware updates down the road.

     

    This is probably the most reliable and least invasive option, short of figuring out how to get Windows 8 to install on a Mac in EFI mode (obviating Boot Camp Assistant, the CSM, and the need for a hybrid MBR).

     

    As for getting spare disk space into an encrypted FileVault volume, this is tricky. I'm pretty sure officially, you're supposed to disable FileVault 2, wait for it to fully decrypt the OS X volume, resize it to consume all space, then re-enable FileVault 2. This obviously will take some time. There is a way to add the unneeded partition as a Core Storage Physical Volume to the existing Logical Volume Group used for the FileVault 2 OS X volume. And then grow the Logical Volume (on which OS X resides). It may sound a little screwy, but this sort of thing has been done on Linux with LVM for around 15 years. Two partitions are added to a volume group, and a single logical volume is created from the volume group. So it looks and behaves like a single volume even though it's made from two partitions (it would work this way if it were made from two disks, which is how fusion drives are created). The encryption is applied because a logical volume family (LVF) with an encryption attribute is attached to the Logical Volume.

     

    I don't yet know of a GUI way of doing any of this, however, only by using the diskutil coreStorage commands.

  • Christopher Murphy Level 2 (470 points)
    Aug 26, 2013 4:42 PM (in response to ItIsJustMe)

    The "easiest" method is the one done entirely in the GUI and is documented. It also takes a long time. Hours in each direction to decrypt, then encrypt again.

     

    That version is to disable FileVault 2, then use Bootcamp Assistant to remove Windows which should also resize the OS X volume to its original full consumption of the disk (minus a few hundred MB), and then reenable FileVault 2.

     

    I think it's equally acceptable to change the Windows partition into a CoreStorage PV (physical volume) by adding it to the existing CoreStorage VG (volume group) and then growing the existing LV. Functionally it'll be the same result.
