Recovery HD – Do you need it and how do you image it?
One of the new less-known features in 10.7 is the Lion Recovery feature. The general idea is that you can boot from the hidden Recovery HD partition on your hard drive, or NetBoot from Apple’s Lion Internet Recovery (Internet Recovery is currently only available to the mid-2011 MacBook Airs and Mac Minis). Once booted to it, you’ll have access to all of the tools you need to reinstall Lion, repair your disk, and even restore from a Time Machine backup.
For Mac sysadmins, this can present an imaging problem as our imaging tools have been focused on applying an image to a partition. Imaging with the Recovery HD partition involves the following:
A) Repartitioning the drive so that you’ve got a 620 MB slice available for the Recovery HD partition.
B) Laying down two separate images, one for your regular 10.7 image and the other for Recovery HD.
Since the average sysadmin has other tools available to boot and fix the Mac, there may be a strong temptation to say “The heck with it. Why do I need it?”
Depending on your environment, you may not need it. However, there’s one place where having Recovery HD present is absolutely essential: If you plan to use FileVault 2.
Why does FileVault need Recovery HD?
FileVault 2 encrypts your boot partition, but your Mac still needs an unencrypted space to boot to and allow access to the encryption unlock tools. The Recovery HD partition serves as the needed unencrypted space. The FileVault encryption process will check before beginning the encryption to see if the Recovery HD partition is there and will not start the encryption process if it’s not there.
What imaging tools support imaging the Recovery HD partition?
There are currently two tools that I’m aware of that will lay down the Recovery HD partition as part of the imaging process. The first is Apple’s NetRestore and the second is DeployStudio.
As part of the imaging process, NetRestore will create the Recovery HD partition on the fly. Unfortunately, this means that you have to boot from NetRestore NetBoot set for this. You can’t create the NetRestore image in System Image Utility, pull out the System.dmg image and then apply it to get both the 10.7 partition and the Recovery HD partition created. Instead, you would have one partition with your 10.7 image on it.
UPDATE 7-28-2011: I re-ran my tests with NetRestore, after making sure that I only had one partition. I was flat wrong, NetRestore does not create the Recovery HD partition as part of the imaging process. Sorry for any confusion this may have caused.
DeployStudio – DeployStudio doesn’t build the Recovery HD partition from scratch. Instead, if you build a 10.7 Mac using the 10.7 installer, then pull an image of it using a DeployStudio rc128 boot set running 10.7.x. the DeployStudio boot set will pull both the 10.7 partition and the Recovery HD partition (assuming if it exists) as two separate images.
When imaging a new machine with that pulled image from a DeployStudio rc128 boot set running 10.7.x, if the Restore system recovery partitions option is checked in DeployStudio Admin for this imaging workflow, DeployStudio will restore both partitions automatically.
Note: It’s important that your DeployStudio rc128 boot set be running 10.7.x, as only 10.7′s asr command-line tool will handle the imaging process properly for restoring both partitions.