How do I decrypt a system that only has UEFI boot mode?
You are unable to use the Recovery ISO because your system does not have a Legacy mode option in the BIOS.
Examples include the Microsoft Surface devices.
The standard Recovery ISO is a 32bit version of Linux with limited hardware support.
Linux distributions only provide support for UEFI in their 64bit variants, which is why you need to use Legacy mode.
You may find that restoring from your backup is the quickest, and simplest, solution, however the guide below is provided so that you can decrypt a non-booting system.
The following instructions provide a way to use the 64bit version of Ubuntu and run the Recovery tool.
Note: As this is a Live CD environment, you will need to perform these instructions again if you need to reboot at all.
You will firstly need to download the following Ubuntu ISO from the link below:
Note: if the above link does not work, please let us know so we can provide an updated ISO.
The recovery tool, and instructions below, may not work on other version of Ubuntu or other flavours of Linux.
See this article for details: KB70 - How do I perform a full sector by sector backup of my hard drive?
In addition, click the link below to view the Ubuntu guide which outlines the process of running Ubuntu from a USB memory stick.
On some devices, you may be required to hold down keys or buttons to access the BIOS. You should consult the devices instruction manual or manufacturers website.
This process requires a working internet connection, a keyboard and a mouse!
ESET can only provide very limited assistance and support regarding the use of Ubuntu itself.
If your system contains hardware devices, such as WiFi or Ethernet adapters, that are not supported by this version of Ubuntu, you may need to find alternative hardware that is supported.
When Ubuntu first boots, choose "Try Ubuntu without installing" as shown below
Once at the Ubuntu Desktop, ensure your keyboard and mouse work.
If necessary, connect to a WiFi access point using the WiFi (fan shaped) icon near the top right corner of the screen.
Next, either press Ctrl + Alt + T to launch a Terminal window or click the Ubuntu icon in the top left corner, shown below
Then in the Search box that appears, type 'term' and press Return
In the Terminal window, type wget http://download.deslock.com/download/recovery/rec.sh and press Return
ubuntu@ubuntu : ~ $ wget http://download.deslock.com/download/recovery/rec.sh
This will download a script file, displaying output similar to to the image below
Resolving download.deslockc.com (download.deslock.com)... 18.104.22.168
Connecting to download.deslock.com (download.deslock.com)|22.214.171.124|:80...
HTTP request sent, awaiting response... 200 OK
Length: 1321 (1.3K) [application/x-sh]
Saving to: 'rec.sh'
rec.sh 100%[=====================>] 1.29K --.-KB/s in 0s
2019-01-01 00:00:00 (91.1 MB/s) - 'rec.sh' saved [1321/1321]
Next, type bash rec.sh and press Return
ubuntu@ubuntu : ~ $ bash rec.sh
The Script will display the following text, followed by a lot of output as it downloads, installs and sets up required components.
Downloading ESET Endpoint Encryption Recovery Tool
Downloaded file appears correct
Adding 32-bit Support
Updating Software DB
Once complete, you should see the following
Soft Linking libparted
Download script complete. Please continue following the KB article.
Now we can run the Recovery Tool.
Type sudo ./dlprecovery -s and press Return
ubuntu@ubuntu : ~ $ sudo ./dlprecovery -s
If everything was installed correctly, the Recovery Tool will run and you will see the following
ESET Endpoint Encryption FDE Recovery Tool
Version 1.10.0 (Build 42)
Copyright (c) ESET, spol. s r.o.
This software is bound by the standard Licence Agreement terms
Press Return to continue
From here, follow the on screen instructions to decrypt your device.
If the above did not work, please click here to view the Recovery Overview: KB346 - Full Disk Encryption Recovery Overview