Home > Mac administration, Mac OS X > Recovery HD – Do you need it and how do you image it?

Recovery HD – Do you need it and how do you image it?

One of the new less-known features in 10.7 is the Lion Recovery feature. The general idea is that you can boot from the hidden Recovery HD partition on your hard drive, or NetBoot from Apple’s Lion Internet Recovery (Internet Recovery is currently only available to the mid-2011 MacBook Airs and Mac Minis). Once booted to it, you’ll have access to all of the tools you need to reinstall Lion, repair your disk, and even restore from a Time Machine backup.

For Mac sysadmins, this can present an imaging problem as our imaging tools have been focused on applying an image to a partition. Imaging with the Recovery HD partition involves the following:

A) Repartitioning the drive so that you’ve got a 620 MB slice available for the Recovery HD partition.

B) Laying down two separate images, one for your regular 10.7 image and the other for Recovery HD.

Since the average sysadmin has other tools available to boot and fix the Mac, there may be a strong temptation to say “The heck with it. Why do I need it?”

Depending on your environment, you may not need it. However, there’s one place where having Recovery HD present is absolutely essential: If you plan to use FileVault 2.

Why does FileVault need Recovery HD?

FileVault 2 encrypts your boot partition, but your Mac still needs an unencrypted space to boot to and allow access to the encryption unlock tools. The Recovery HD partition serves as the needed unencrypted space. The FileVault encryption process will check before beginning the encryption to see if the Recovery HD partition is there and will not start the encryption process if it’s not there.

What imaging tools support imaging the Recovery HD partition?

There are currently two tools that I’m aware of that will lay down the Recovery HD partition as part of the imaging process. The first is Apple’s NetRestore and the second is DeployStudio.

NetRestore – As part of the imaging process, NetRestore will create the Recovery HD partition on the fly. Unfortunately, this means that you have to boot from NetRestore NetBoot set for this. You can’t create the NetRestore image in System Image Utility, pull out the System.dmg image and then apply it to get both the 10.7 partition and the Recovery HD partition created. Instead, you would have one partition with your 10.7 image on it.

UPDATE 7-28-2011: I re-ran my tests with NetRestore, after making sure that I only had one partition. I was flat wrong, NetRestore does not create the Recovery HD partition as part of the imaging process. Sorry for any confusion this may have caused.

DeployStudio – DeployStudio doesn’t build the Recovery HD partition from scratch. Instead, if you build a 10.7 Mac using the 10.7 installer, then pull an image of it using a DeployStudio rc128 boot set running 10.7.x. the DeployStudio boot set will pull both the 10.7 partition and the Recovery HD partition (assuming if it exists) as two separate images.

When imaging a new machine with that pulled image from a DeployStudio rc128 boot set running 10.7.x, if the Restore system recovery partitions option is checked in DeployStudio Admin for this imaging workflow, DeployStudio will restore both partitions automatically.

Note: It’s important that your DeployStudio rc128 boot set be running 10.7.x, as only 10.7’s asr command-line tool will handle the imaging process properly for restoring both partitions.

  1. July 21, 2011 at 8:06 pm

    Have you tested netRestore images of Lion? Does it actually create a proper Recovery Partition automatically or are there options I have to set? It’s just that Apple say you have to do a netInstall of Lion if you want a recovery HD in their Mass Deployments article here: http://support.apple.com/kb/HT4746

    I’m planing for large deployments and I would need to net boot to a net restore image, so I’m not so worried about being able to expand the disk image.

    • July 21, 2011 at 8:23 pm

      I have tested NetRestore using the 10.7 GM installer and it does create the Recovery HD partition if you’re using the NetRestore NetBoot set to install the image. If the image is extracted from the NetRestore set and applied via DeployStudio or Disk Utility, no Recovery HD partition is created.

  2. July 21, 2011 at 9:15 pm

    Just to clarify then thats a netRestore image not a netInstall of 10.7.

    If so excellent news!

    • July 21, 2011 at 9:29 pm

      Right, this is NetRestore. When you’re imaging, you should see entries similar to this in the log to show that it’s creating the Recovery HD partition (log actually from a 10.7 installer; I wasn’t able to save entries from the NetRestore imaging process.)

      The Installer entries that described creating the Recovery HD partition on my Lion hard drive:

      Jul 1 16:55:32 localhost OSInstaller[332]: Reapable space: 0.0 MB
      Jul 1 16:55:32 localhost OSInstaller[332]: Creating recovery system for volume “Lion HD”.
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ->T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: inParams={
      DMGChunkFile = “”;
      DMGFile = “/Volumes/Lion HD/Mac OS X Install Data/BaseSystem.dmg”;
      DonorDiskUDSW = “disk0s3 Lion HD”;
      RepairDonor = 0;
      VerifyImage = 0;
      }
      Jul 1 16:55:32 localhost OSInstaller[332]: Creating recovery volume.
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ..T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: donor disk’s storage system is simple so it itself will be the donor
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ..T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: normalized donor: logical=0x7ffa48422108=disk0s3=Lion HD=(iflvuuid=(null)) physical=0x10e7d1cb0=disk0s3=Lion HD=disk0s3 storage=(null)
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ..T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: ensured donor is slice and on GPT
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ..T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: donor’s whole-disk=0x10e7d1c10=disk0
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ..T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: ensured target and donor are reasonable sizes (>2GB) to support a full OS installation
      Jul 1 16:55:32 localhost OSInstaller[332]: Checking target disk
      Jul 1 16:55:32 localhost diskmanagementd[336]: DM ..T-[DMToolBootPreference ensureRecoveryPartitionForVolume:]: doing fsck of simple donor slice=0x10e7d1cb0=disk0s3=Lion HD
      Jul 1 16:55:32 localhost OSInstaller[332]: Checking file system
      Jul 1 16:55:32 troutont-lm1 OSInstaller[332]: Performing live verification.
      Jul 1 16:55:32 troutont-lm1 OSInstaller[332]: Checking Journaled HFS Plus volume.
      Jul 1 16:55:32 troutont-lm1 OSInstaller[332]: Checking extents overflow file.
      Jul 1 16:55:32 troutont-lm1 OSInstaller[332]: Checking catalog file.
      Jul 1 16:55:33 troutont-lm1 OSInstaller[332]: Checking multi-linked files.
      Jul 1 16:55:33 troutont-lm1 OSInstaller[332]: Checking catalog hierarchy.
      Jul 1 16:55:33 troutont-lm1 OSInstaller[332]: Checking extended attributes file.
      Jul 1 16:55:34 troutont-lm1 OSInstaller[332]: Checking volume bitmap.
      Jul 1 16:55:34 troutont-lm1 OSInstaller[332]: Checking volume information.
      Jul 1 16:55:34 troutont-lm1 OSInstaller[332]: The volume Lion HD appears to be OK.

      • July 28, 2011 at 5:59 pm

        I was flat wrong in my earlier testing. NetRestore (when I re-ran my testing today) does not create the Recovery HD partition. The Recovery HD partition must have been left over from a previous NetInstall of 10.7. Mea culpa for the bad information.

  3. July 22, 2011 at 12:17 pm

    so FYI, taking an existing restore partition, running diskutil eraseVolume on it and then trying to use recovery_partition_tool, even just to copy an existing restore partition, is not working at all:

    bash-3.2$ sudo /Volumes/Optical/lionTest/recovery_image_tool -p disk0s3 disk1s5
    Invalid recovery system @ path: disk0s3
    bash-3.2$ sudo /Volumes/Optical/lionTest/recovery_image_tool -b disk1s5
    Invalid recovery system @ path: disk1s5
    bash-3.2$ sudo /Volumes/Optical/lionTest/recovery_image_tool -c /Volumes/Mac\ OS\ X\ Install\ ESD /Volumes/Untitled/
    File already exists at: /Volumes/Untitled/
    bash-3.2$ sudo /Volumes/Optical/lionTest/recovery_image_tool -p disk0s3 disk1s5
    Invalid recovery system @ path: disk0s3

  4. 3434
    July 25, 2011 at 2:32 pm

    Lion allows you to encrypt Time Machine backups natively….. is it possible to restore from an encrypted Time Machine backup using Recovery HD by just entering the password, or must you do it the first time a particular Mac is booted up as with FileVault 1 encrypted backups in older versions of OS X?

    Thanks :)

  5. August 8, 2011 at 1:10 pm

    rtrouton :
    I was flat wrong in my earlier testing. NetRestore (when I re-ran my testing today) does not create the Recovery HD partition. The Recovery HD partition must have been left over from a previous NetInstall of 10.7. Mea culpa for the bad information.

    Thanks for the follow up. I had found the fact same thing in my testing. There may be a way to configure net restore to add the missing partition using the configurable options in the System Image Utility, but I’m still working on getting it right. I suppose it depends on how important the Recovery Partition is to your organisation.

  6. January 11, 2012 at 2:00 am

    This can be accomplished with 10.7.2 if interested you can contact me.

  7. January 11, 2012 at 2:01 am

    stevebaumgartner :This can be accomplished with 10.7.2 if interested you can contact me.

    No 3rd party software required.

    • SheTech
      March 1, 2012 at 7:57 pm

      I’m interested!

  8. March 5, 2012 at 7:17 am

    I built / mangled a script into a package that will do this for you. We’ve deployed it with DeployStudio in production and are testing running it with Munki (no issues so far).

    https://github.com/grahamgilbert/Make-Recovery-HD

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 164 other followers

%d bloggers like this: