Technical support

Knowledgebase: Full Disk Encryption
How do I decrypt a system that only has UEFI boot mode?
Article ID: KB281 email a link to this article

Before you start the recovery procedure, please ensure that you are following the correct recovery article: 

Full Disk Encryption Recovery Overview

NOTE: You MUST NOT use this recovery method when disks have been encrypted using OPAL

 

Important: Things to know before you start

You may find that restoring from a backup is the quickest, and simplest solution, however the guide below is provided so that you can decrypt a non-booting system.

In order to decrypt the system, you will need the following:

  • If you are decrypting a managed workstation, then you must have the correct FDE Admin credentials for the workstation.
  • For standalone workstations, either the User or the Admin credentials can be used.
  • This process requires a working Internet connection, a blank USB device (2GB or larger) and a keyboard & mouse.

Important: If the data on the system is important, then ensure a full sector-by-sector backup of the existing hard drive has been taken before attempting recovery. See this article for details: KB70 - How do I perform a full sector by sector backup of my hard drive?

Step 1: Obtaining the Ubuntu ISO

The following instructions provide a way to use the 64-bit version of Ubuntu and run the Recovery tool. As this is a Live CD environment, you will need to perform these instructions again if you need to reboot at all. 

You will need to download the following Ubuntu ISO: http://releases.ubuntu.com/16.04.2/ubuntu-16.04.2-desktop-amd64.iso

Please note, the instructions below may not work on other versions of Ubuntu or other flavours of Linux.

Step 2: Creating a bootable Ubuntu USB device

Please follow the link below which outlines the process of running Ubuntu from a USB memory stick.

http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows

Step 3: Booting Ubuntu on the Workstation

You will now need to boot from the USB stick, this may require you to change the Boot settings in the BIOS. On some devices, you may be required to hold down keys or buttons to access the BIOS. You should consult the devices instruction manual or manufacturers website. If your system contains hardware devices, such as WiFi or Ethernet adapters, that are not supported by this version of Ubuntu, then you may need to find alternative hardware that is supported.

Ensuring the USB device is connected to the machine, turn the machine on and, depending on the make/model, hold the correct key combination to access the boot menu. Select the USB device from the list to boot from it.

When Ubuntu first boots, choose Try Ubuntu without installing as shown below

Try Ubuntu

Step 4: Starting the recovery process in Ubuntu

Once at the Ubuntu Desktop, ensure your keyboard and mouse work correctly.

If necessary, connect to a WiFi network using the WiFi (fan shaped) icon near the top right corner of the screen. 

Next, either press Ctrl+Alt+T to launch a Terminal window, or click the Ubuntu icon in the top left corner

Ubuntu Icon

Then in the Search box that appears, type term and press Return

Ubuntu Search

In the Terminal window, type wget http://download.deslock.com/download/recovery/rec.sh and press Return

ubuntu@ubuntu : ~ $ wget http://download.deslock.com/download/recovery/rec.sh

This will download a script file, displaying output similar to to the image below:

Resolving download.deslock.com (download.deslock.com)... 195.26.236.242
Connecting to download.deslock.com (download.deslock.com)|195.26.236.242|:80...
Connected.
HTTP request sent, awaiting response... 200 OK
Length: 1321 (1.3K) [application/x-sh]
Saving to: 'rec.sh'

rec.sh              100%[=====================>]   1.29K  --.-KB/s   in 0s

2019-01-01 00:00:00 (91.1 MB/s) - 'rec.sh' saved [1321/1321]

Next, type bash rec.sh and press Return

ubuntu@ubuntu : ~ $ bash rec.sh

The script will display the following text, followed by a lot of output as it downloads, installs and sets up required components:

Downloading ESET Endpoint Encryption Recovery Tool
Download successful
Downloaded file appears correct
Adding 32-bit Support
Updating Software DB

Once complete, you should see the following:

Soft Linking libparted

Download script complete. Please continue following the KB article.

Now we can run the Recovery Tool.

Type sudo ./dlprecovery -s and press Return

ubuntu@ubuntu : ~ $ sudo ./dlprecovery -s

If everything was installed correctly, the recovery tool will run and you will see the following:

ESET Endpoint Encryption FDE Recovery Tool
Version 1.10.0 (Build 42)
Copyright (c) ESET, spol. s r.o.

This software is bound by the standard Licence Agreement terms

Press Return to continue

From here, follow the on screen instructions to decrypt your device.

If the above did not work, please click here to view the Recovery Overview: KB346 - Full Disk Encryption Recovery Overview


We use cookies on our website to enhance your browsing experience. Read more