Menu

Subscribe

Fixing FileVault / BitLocker dual boot after upgrading to El Capitan

on bitlocker, dual-boot, filevault 0 Comments

I run a MacBook Pro which I dual boot into OS X and Windows. As I have client data on both systems, they are both encrypted using FileVault and BitLocker respectivly.

Unfortunately this is not a supported configuration. I used Joe Raff’s instructions to setup my system and have both drives encrypted. All was well until I updated to El Capitan at the weekend.

Update - 30th December 2015

After upgrading to OS X 10.11.2 my Master Boot Record has been reset again. I have added more detail to the instructions and the screenshots I missed first time.

What happened?

This morning, when I booted into the Windows partition I got the automatic recovery assistant. After a couple of reboots I leant from the strtrail.txt log that my boot configuration is corrupt. Ouch.

This is an extract of the log:

Root cause found: 
---------------------------
Boot configuration is corrupt.

Repair action: Partition table repair
Result: Failed. Error code =  0x490
Time taken = 427062 ms
```

I booted back into OS X and ran:

`sudo fdisk /dev/disk0`

Which produces:

![](/content/images/2015/12/broken-fdisk.png)

Instead of this:

![](/content/images/2015/12/correct-fdisk.png)

# The Fix

Here is the TL;DR. Full steps below.

1. Boot into OS X recovery mode.
2. Rebuild the MBR.
3. Boot Windows installer from a USB drive.
4. Repair the Windows installation.
5. Everything works again.


## 1. Boot into OS X recovery mode

Reboot the Mac, and press `CMD + R` to boot into recovery mode. More information from Apple [here](https://support.apple.com/en-us/HT201314). I found that I could not save the changes to the MBR from El Capitan.


## 2. Rebuild the MBR

The following steps are based on [Joe’s instructions](http://joeraff.org/20131010/how-to-use-both-filevault2-and-bitlocker-simultaneously-on-a-dual-boot-mac-running-bootcamp/) to initially setup your dual booting Mac.

**1. Get the details of the GPT table**

From OS X recovery, open the terminal and run the following command (note you don't need `sudo` here as you already have admin permissions): 

`gpt -rv show -l disk0`

![](/content/images/2015/12/gpt.png)

Take note of the start point, size and type of partition.  The Mac encrypted loader and Windows partitions are the items at indexes 1, 2 and 5. On your system this may differ but index 1 should remain the same.

**2. Erase and recreate the MBR table**

We will only include the Mac encrypted loader and Windows partitions.  Open [fdisk](https://en.wikipedia.org/wiki/Fdisk) in edit mode:

`fdisk -e /dev/disk0`

Next, erase the MBR table:

`erase`

Now edit the first partition to match the OS X encrypted loader partition. The details are from index 1 above but should be identical to this (as of OS X 10.11.2 in a standard scenario)

`edit 1`

Partition id : EE
CHS mode : no
Partition offset: 1
Partition size: 409600


Then add the first windows partition. I got the offset and size from index 2 above – this will be different on your systems so pay attention to YOUR start and size parameters and ensure its the the correct Windows partition.

`edit 2`

Partition id : 07
CHS mode : no
Partition offset: 411648
Partition size: 2097152


Now add the second Windows partition. I got the offset and size from index 5 above – this will be different on your systems so pay attention to YOUR start and size parameters and ensure its the the correct Windows partition.

`edit 3`

Partition id : 07
CHS mode : no
Partition offset: 645408136
Partition size: 292032768


Then save the MBR table:

`write`
 
## 3. Boot the Windows installer from a USB drive

Make a bootable USB drive with the Windows installer on it, and use that to boot the Mac.


## 4. Repair the Windows installation

Accept the Windows installer language settings, and the click the small “Repair Windows” link in the Windows installer install page. Then drill down the menus:

`Troubleshoot > Advanced Options > Start-up Repair`

You'll need to enter your BitLocker recovery key here. 

## 5. Everything works again

The startup repair will take a few minutes to run. Hopefully that will recreate the missing boot records, and you will be able to dual boot your FileVault / BitLocker system again.