Backup / Restore of entire Bitlocker-encrypted Laptop possible?

  • Question

  • Hello

    My Laptop dutifully backs itself up every night onto WHS. It runs Vista Ultimate, and is BitLocker encrypted.

    This means I get two partitions: A small one (the active partition) is mapped to drive S: and contains the bootup code, the big one is mapped to drive C and is encrypted. The backup is configured to backup both partitions.

    Since WHS backup works on a sector level I assume all data from drive C is actually moved in encrypted form to WHS. One can immediately think of a number of challenges at restore time, such as recovering and integrating the encryption key so that the restored partition can actually be read.

    So, to make a long story into a short question: Did someone actually try and succeed (or fail) in restoring a BitLocker-encrypted partition (boot partition or otherwise)?

    Thanks! Martin

    Wednesday, July 11, 2007 6:29 AM

All replies

  • Backup and restore of BitLocker encrypted volumes is possible, and you need to make sure that all volumes on the hard disk are marked for backup.

    Saturday, July 28, 2007 4:35 AM
    Moderator
  • Martin,

    Did this successfully on an Asus laptop, some time ago.

    As Tom says, you must have all the drives backed up at the same time.

    HTH,

    Colin

    Saturday, July 28, 2007 5:44 PM
  • Hello

    Sorry to reopen the thread, but I have another question!

    First a bit of good news:

    A few months ago I installed a new, bigger hard drive in my Laptop. All I had to do was partition it first using the Vista Boot DVD (into the two drives BitLocker needs: The small boot drive and the actual C: drive), and then restore both drives from Home Server using the Home Server Restore Boot CD. The machine booted right away afterwards with the new hard drive.

    Now the pretext for the question: A few months later I discovered that the C: drive was not encrypted, while the C: partition of the old hard drive was.

    I thought that Home Server Backup works "on a sector level", and hence the data from the old C: drive should have been backed up and later restored in encrypted format.

    So the question: Does "sector level" really mean the "raw data", or is it the sector after it has passed through decryption?

    I would actually prefer the latter, because otherwise one would have a lot of data doubled in the backup files, because in encrypted form identical data from multiple home PCs looks of course different.

    Thanks! Martin

    Saturday, November 17, 2007 9:52 AM
  • Windows Home Server backup doesn't work on the physical sector level, it works on the logical cluster level. It breaks files up into 4KB clusters for backup. So I'm not entirely surprised that the restore wasn't encrypted; a disk image-based restore (that's what the Restore CD does) will of course wipe the partition before restoring to it.
    Saturday, November 17, 2007 6:27 PM
    Moderator
  •  Ken Warren wrote:
    ...a disk image-based restore (that's what the Restore CD does) will of course wipe the partition before restoring to it.

    Thanks for the explanation!

    I am not sure "disk image-based" is quite the right term: I had to create the partitions myself before it even attempted to restore. So at most it would be a "partition image-based" restore. But even here I am not sure: It didn't complain that the new partition was bigger than the "image" (I know: even for an imager that's no problem).

    Still, I have the suspicion that a badly fragmented, say, 60GB partition with 40GB data on it could be restored to a 41GB partition. The reason I think this is that the backup doesn't seem to be affected by the daily run of the disk defragmenter, i.e. it doesn't backup the moved around clusters again, much like a file-based backup wouldn't do this. Then again: Maybe it actually does update the new location of the moved clusters somewhere in a table...

    Anyway: It seems clear that the data from a BitLocker (or for that matter even WinXP) encrypted partition ends up on Home Server in cleartext.

    Regards, Martin

    Saturday, November 17, 2007 6:49 PM
  • Okay, "disk image" isn't quite accurate, in terms of what's backed up. You're right there; it's done file by file. In terms of how it's restored, "partition based" is pretty close (it's still restored file by file, however every file on the partition is restored at once, and you lose the previous contents of the partition). You can restore an entire partition at a time, to the exact state it was in when it was backed up.

    As for restoring to a smaller partition, no you can't do that. Even though it seems like you should be able to.
    Monday, November 19, 2007 1:20 AM
    Moderator
  •  Tinue wrote:

    The reason I think this is that the backup doesn't seem to be affected by the daily run of the disk defragmenter, i.e. it doesn't backup the moved around clusters again, much like a file-based backup wouldn't do this. Then again: Maybe it actually does update the new location of the moved clusters somewhere in a table...

    WHS backs up clusters, and every unique cluster only once. So if you move a cluster, e.g. during defrag, to a new position, only the new position is saved during the next backup. This is neither file nor partition level; this is cluster level, which makes this and other operations possible, like the backup of every unique cluster only once across all PCs that are backed up using WHS. So if you have e.g. Word2007.exe on a Vista machine backed up and are also backing up a Win XP machine that also has Word2007 on it, that word2007.exe won't be copied again during that WinXP PC backup, but just pointed to as a reference.

    Thursday, August 21, 2008 4:26 PM
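
A toy model of the cluster-level, single-instance backup discussed in this thread, added here as an illustration; it is not Windows Home Server code and was not posted by any participant. `ClusterStore`, `toy_encrypt` and the sample volumes are constructed for the example, and the XOR keystream is only a stand-in for volume encryption, not BitLocker's cipher.

```python
import hashlib

CLUSTER = 4096  # cluster size the thread gives for WHS backup

class ClusterStore:
    """Toy single-instance store: each unique cluster is kept once, keyed by hash."""
    def __init__(self):
        self.blobs = {}    # sha256 digest -> cluster bytes
        self.backups = {}  # machine name -> {cluster position: digest}

    def backup(self, machine, volume):
        """Back up a volume (bytes); return how many new clusters were stored."""
        new, index = 0, {}
        for i in range(0, len(volume), CLUSTER):
            chunk = volume[i:i + CLUSTER]
            digest = hashlib.sha256(chunk).digest()
            if digest not in self.blobs:
                self.blobs[digest] = chunk
                new += 1
            index[i // CLUSTER] = digest
        self.backups[machine] = index
        return new

def toy_encrypt(volume, key):
    """Stand-in for volume encryption: XOR with a per-key, per-cluster keystream."""
    out = bytearray()
    for i in range(0, len(volume), CLUSTER):
        chunk = volume[i:i + CLUSTER]
        seed = key + (i // CLUSTER).to_bytes(8, "big")
        stream = hashlib.shake_256(seed).digest(len(chunk))
        out += bytes(a ^ b for a, b in zip(chunk, stream))
    return bytes(out)

def make_volume(label, shared):
    """Constructed sample data: the shared clusters plus 2 unique to the machine."""
    return shared + hashlib.shake_256(label).digest(2 * CLUSTER)

def demo():
    shared = hashlib.shake_256(b"word2007.exe").digest(8 * CLUSTER)
    vista, xp = make_volume(b"vista", shared), make_volume(b"xp", shared)
    clear = ClusterStore()  # backup reads clusters above the encryption layer
    clear_new = (clear.backup("vista", vista), clear.backup("xp", xp))
    raw = ClusterStore()    # hypothetical backup of raw encrypted sectors
    raw_new = (raw.backup("vista", toy_encrypt(vista, b"key-vista")),
               raw.backup("xp", toy_encrypt(xp, b"key-xp")))
    # Defragmentation: same clusters at new positions, so nothing new is stored
    defrag_new = clear.backup("vista", vista[CLUSTER:] + vista[:CLUSTER])
    leaked = shared[:CLUSTER] in clear.blobs.values()  # cleartext held by server
    return clear_new, raw_new, defrag_new, leaked

if __name__ == "__main__":
    print(demo())
```

Cross-machine deduplication only works because the store sees decrypted clusters, which is why the backup data sits on the server in cleartext and the server's disks need their own protection. A volume restored from such a backup comes back unencrypted, as reported above, so BitLocker has to be re-enabled and its status checked afterwards.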