Getting Time Machine data off of an external hard drive partition

I have a MacBook Pro (2019 Intel), which I upgraded from Mojave to Big Sur. An error occurred in installation, and I wiped the hard drive to install a clean version of Big Sur, which succeeded. I figured I would restore my data from my Time Machine backup, which was a partition on a Western Digital Passport Ultra external drive. When I connected the drive, I was asked for a password, and I remembered that I had encrypted it when I set it up (I won’t do that again!). I figured out my password and unlocked the drive. I then opened Migration Assistant, which also asked for the password. This time when I entered it, it was refused. I tried connecting the external up to a computer running Big Sur and another running Mojave; in each case, I was prompted for the password to unlock it, and in each case, the correct password was refused.


I contacted Apple support, who suggested that I try removing the Time Machine plist file on the Big Sur computer. It had no effect. They suggested then that I contact WD support. 


WD support suggested I try WD Security to remove the password from the drive. When I opened WD Security, it gave me an option to add a password, but not to remove one. It seemed that the encryption passwords applied to the partitions on the drive, rather than the drive as a whole. WD support suggested I contact a data recovery outfit.


Is there some way to get access to my data again?

MacBook Pro 13″, macOS 11.5

Posted on Aug 30, 2021 5:19 PM


Aug 30, 2021 10:48 PM in response to the_dave2001

When you attach the drive and unlock it, does it mount the drive in macOS on the computer where you first attempted it? Because it sounds like you did unlock it but then ran into another problem with Migration Assistant asking for a password.


What do you see when you attach the drive and unlock it initially? Open Finder, press CMD+Shift+G, put in the path /Volumes, and hit Return. You should see the drive; click on it and see if you can access the files without using Migration Assistant or Time Machine.


Sadly, your keychain likely held the passwords to unlock the drive and to unlock encrypted backups. The keychain was nuked when you wiped out the internal drive and re-installed Big Sur from scratch. If the drive is either HFS+ with disk encryption or APFS with disk encryption and you cannot mount it and the password fails, there may be no recovery even by professional data recovery specialists. The encryption is very strong.

Sep 1, 2021 7:35 PM in response to the_dave2001

Is this a T2-equipped or M1 Mac? If so, you have a Secure Enclave, and if you managed to completely reset the system, the Secure Enclave holds the private keys used with passwords for encryption. The T2 / M1 are factory encrypted all the time. If those keys were tossed, you may not be able to unlock even if you have the password. The password generates the public key and that is sent to the Secure Enclave which holds the corresponding private key pair which won't be found.


Encryption will protect you but it can actually bite you in this particular scenario and others.

Sep 1, 2021 2:36 PM in response to the_dave2001

Well, it sounds like you still do not have the right password for the sparse disk images (encrypted Time Machine disk images) that are apparently locked with different passwords. The drive itself shows up and the disk mounts, but the sparse volumes are not mounted because they are encrypted and you need the password to mount them.


Before you wiped out the internal drive, those passwords were saved in the keychain. So when you attached the external drives, they unlocked magically, as the keychain would just pre-fill the passwords and submit them. This is why encrypting your Time Machine backups is dangerous if you cannot remember the password.


Do you have another backup? If not, you will just have to keep trying passwords and hope you get lucky or remember what password you set long ago.

Sep 1, 2021 1:29 PM in response to James Brickley

Thank you for the quick response, James. When I attach the drive, I am prompted for the password to first one partition, then the other. It seems the passwords were applied to the partitions and not to the drive as a whole. When I enter the correct password to access the partition -- the one that worked once at the beginning of the ordeal -- the password window shakes "no." I did not see the drive in the Finder window, but when I opened Disk Utility and selected Show All Devices, the drive appears to be mounted (at least the Mount button is grayed out, and I have the option to eject it), and the two partitions are listed underneath it, but they are both grayed out and ask for a password if I try to mount them from the menu there.

Sep 1, 2021 3:58 PM in response to James Brickley

I think I've fallen short in explaining what's happening -- I did remember the passwords for the partitions, and I successfully unlocked them both, but only the first time. It's almost as if the password changed between (a) the first time I connected the drive up and successfully unlocked the partitions and (b) the time that Migration Assistant asked me for the password to start restoring.

Sep 2, 2021 5:09 AM in response to the_dave2001

I was incorrect. Removable storage devices are not utilizing the T2 / M1 Secure Enclave private keys. Provided you can remember the password, you should be able to mount those Time Machine encrypted drives on this Mac or any Mac.


Removable storage devices

Encryption of removable storage devices doesn’t utilize the security capabilities of the Secure Enclave, and its encryption is performed in the same manner as an Intel-based Mac without the T2 chip.


https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/1/web/1


If the decryption password is lost, then your drive is lost forever. You can’t retrieve data from the drive anymore. For that reason, always keep the decryption password in a safe location so that it can be used as and when required. Any 3rd party data recovery service or tools require the decryption password.

This is the risk of encrypting Time Machine drives. You have to remember the password, and that password is saved into the macOS Keychain for the sake of convenience. But wiping the internal drive also erases the Keychain. Same with FileVault 2 and the Recovery Key if not saved in iCloud, escrowed with a third-party tool, or written down. Without the password or the Recovery Key, data is irretrievable.


It depends on each scenario. For personal home use? I would not recommend encrypting Time Machine backups unless you take extreme caution to write down the password and keep it secure. Or at least keep one unencrypted backup via a disk clone (Carbon Copy Cloner / SuperDuper!) and lock it in a fireproof safe or rotate it offsite to a bank safety deposit box, etc.


Rene Ritchie on why you should consider *NEVER* encrypting backups:

https://www.youtube.com/watch?v=X5c4Jarmu0I


