Mac Mini Hard Disk Upgrade with Clonezilla

My Dad’s aging Mac Mini has done him a great service. A late 2009 A1283 model we’ve already upgraded the RAM to 8GB but didn’t take the opportunity to address the 160gig hard drive. Sadly for Dad this meant, while processing photos, he ran out of space at the weekend. No problem…
Case off Mac Mini AA1283
And so it begins…… Thanks to iFixit for the tear down guide
Lots of 2.5inch replacement options: SSD, capacity, green credentials and performance. Realistically the Mac Mini is 5 years old and we’re into bonus ownership and usage time. For £47 from Overclockers a Western Digital 7200rpm Black Scorpio seemed the best compromise. It would offer Dad another 500+gig and slightly more performance over the original 160gig 5400rpm drive. Slightly concerned by the additional heat 7200rpm might bring but lots of blog posts and Google results showed nothing but positive reviews and successful upgrades.
Drive Bay for the DVD and HDD
Removed the drive bay for the DVD and HDD
Using iFixit and having already been through the process the removal of the drive was relatively simple. The Mac Mini really is the hobbyist’s Mac. Truer to Apple’s hobby builder origins. Try upgrading the hdd on an iMac… RAM no problem, hdd not so much…. Because Dad’s Mac Mini was running well, apart from the lack of hdd space, I elected to clone the drive rather than backup and rebuild it with a new OS install and Time Machine restore.
The HDD to be swapped
The full 160gig original
Clonezilla is a fully featured open source option for cloning drives. It’s also the cloning tool I’m most familiar with. Cloning the drive with Clonezilla has only one limitation: the destination must be the same size or larger than the source. There are a few ways to hack around this but thankfully in this case, going from 160gig to 750gig, is easy. Once cloned I’d need to re-size the main partition to use the additional space. Cloning this way saved a lot of time. For a few button presses and several hours sat in the background we have a backup image of Dad’s drive and no need to sit through installs and lengthy file transfers. Had Dad been suffering other issues with his Mac Mini, or had it been a Windows machine, I’d of been tempted to use this as an opportunity to fully rebuild.
Cloning the physical drive with Clonezilla
Cloning the physical drive with Clonezilla
If you’ve not used Clonezilla before this guide may be of help: -Clonezilla has options to directly clone a drive on the fly. However, for the sake of an extra hour I used the opportunity to take a backup image of the original drive. Writing the whole drive image to an external hdd and then from there to the new drive. Although Dad has his own backup routine it’s reassuring to have an offsite copy. Especially one that can be cloned to any disk (160gig, or larger) in an hour, should the worst happen. When cloning a drive in this instance it’s much better to clone the entire drive / device rather than try to clone and recreate individual partitions. Creating individual partitions requires more effort and can cause complications when being written back. While the Mac Mini was apart I used the opportunity to clean and inspect it. Taking care not to do any damage while cleaning, paying particular attention to the heatsinks and cooling fans.
It's back, now to resize the main partition
It’s back, now to resize the main partition
Mac Mini re-assembled(ish). I’m superstitious and always test a machine before fully putting the case back together / adding the last screws. The curse of the fitted case and final screws invariably means when you test it you’ve forgotten something and have to take it apart again. Leaving it this way you don’t forget and it all works fine! Resizing the partition is easy using ‘Disk Utilities‘. However, during the resizing an error was thrown: “Partition failed: Couldn’t modify partition map because file system verification failed.”. This is odd because the drive was verified with no issues. A quick Google revealed a solution but no answer. If anyone could shed any light on this it would be appreciated. To be doubly sure I rebooted the Mac Mini into recovery mode (CMD + R during booting) and used Disk Utilities to run a full verify and repair. Rebooted, resized the main partition and then, for good measure, performed a full permissions repair.
Tested, partition resize and ready for the case to be re-assembled.
Tested, partition resize and ready for the case to be re-assembled.

With the the basics checked and everything working I put the case back on and returned the Mac Mini to Dad. Once back at home on his desk we ran through similar basic checks:

  • DVD drive worked
  • Sound worked
  • Network and Wifi worked
  • External devices worked: Mouse, keyboard, printer and USB drive
  • NEW: Fans worked
  • MS Office worked(ish): 2011 picked up on the HDD ID change and demanded its purchase key again. Thankfully Dad had this to hand.
Success, happy Mac Mini and a happy Dad.
Not so success…. Dad rang to say the Mac Mini had shutdown as a result of overheating. My first thought was the 7200rpm drive was too hot, having feared this might be the case when I researched and ordered it. However, it’s a new drive and Dad wasn’t overly using the HDD when the Mac Mini crashed. So I changed tactics and installed Temperature Gauge to see what was overheating, and how the single fan in the Mac Mini was performing. This revealed the fan wasn’t spinning.
Re soldered Fan Controller and Temperature Gauge app showing the fan maxed at 5500rpm
All fixed 😀
Taking the case off again revealed the fan controller was coming off its tracks and therefore not calling the fan. The controller for the fan sits on the front of the Mac Mini’s drive enclosure. Thankfully easy access with a soldering iron. 1 blob of solder and 3 tracks reheated later resulted in a much happier Mac Mini. Dad’ will keep an extra eye on the HDD and overall temperatures this weekend. Removing layers of dust, cleaning the fan and the new drive should be fine, cooler than before even! Another lesson learnt and thing to check for before putting the case back on…

Master Boot Record (MBR) Corruption and PGP Whole Disk Encryption (WDE)

Today is a big deadline in work. The point when weeks of work flow from development to production (via numerous sprints and UAT releases). The culmination of the development team and my efforts over the last two months. As with most IT projects the last two weeks have been a bit fraught, testing us as we prepare to launch a new suite of Cognos reports.

Today is also the day my Thinkpad has decided to corrupt its master boot record (MBR). Preventing my laptop from loading its operating system. Thankfully Microsoft (and third parties) provide bootable utilities to repair MBRs. However…………

Master Boot Record Corruption / Failure
Master Boot Record Corrupt. FAIL!

My MBR failure is complicated by IBM (sensibly) requiring the use of Symantec’s PGP Whole Disk Encryption (WDE). PGP’s WDE protects our laptops, and any sensitive data on them, in the event laptops are lost or stolen. As a mobile worker, and someone regularly on the move, WDE is a nice saftey blanket. Yes, if someone really wants the data on my laptop they will get it. But for additional security and if the laptop is lost it provides some reassurance. It’s also company policy, there is no point in fighting it.

Update: I was wrong about PGP being crackable. IBM Helldesk are able to deal with a forgotten password because we run a PGP support server. Since PGP version 9.7 there are backups in place to recover a forgotten password. But there is still no known way to crack PGP WDE. E.g. If you can’t decrypt the hdd, the data is lost. On one hand this makes me feel safer about the loss of a laptop and on the other it makes me glad most of my data/files are backed-up. A reminder I need a better backup solution for a hdd failure.

With the whole hard disk drive (hdd) encrypted I can’t use utilities to fix the MBR. The utilities require you to boot from them, and in so doing skip PGP’s BootGuard. BootGuard lets the OS use the encrypted hdd.  Therefore until the hdd is decrypted the utilities can’t access the MBR. Due to its encryption the hdd doesn’t even appear. Thankfully PGP provide recovery CDs, downloaded from here:

It’s key to know which version of PGP you have. The recovery CDs are version specific. If you can boot into PGP’s BootGuard screen it’s easy to find out: Selecting ‘advance’ instead of ‘continue’ from the options displays the version, and other options to assist in recovery. Since a similar failure in 2009 I keep a note of my PGP version (including any service packs). Just incase PGP’s BootGuard also fails to load. It’s not unheard of for both MBR and BootGuard to be corrupt at the same time. Not knowing which version of PGP I’d installed, combined with the bad sectors that caused the HDD to fail, resulted in my old drive being scrap.

Symantec provide a guide for how to resolve that situation here:

With the matching version of the recovery disk in place I booted off the recovery CD and tried to let Windows boot itself. In rare cases it’s possible that using the Recovery CD instead of BootGuard lets Windows boot and recovery itself. Sadly this wasn’t the case, I still had an MBR issue. Back to the drawing board.

The next step is a longer one: Rebooting off the Recovery CD, entering my password and then pressing ‘D’ to decrypt the entire hdd. We’re now at 90% having started at 9am this morning. The laptop hdd is 250gig capacity, of which 80gig was in use. I’m hoping the first 80gig takes the longest to decrypt. Ideally the final170gig will be a lot quicker, as it’s empty disk space. I’ll leave it over night and then all being well use Microsoft’s MBR fixer tomorrow. If anything goes wrong or the laptop is disrupted during the decrypt, all data is lost. Not the most relaxing situation to be in but I have 90% of my data backed up. All my work is stored on IBM’s cloud and I only stand to lose emails recently archived locally. The main loss will be time in having to rebuild my Thinkpad. As a worst case this isn’t too bad, but fingers crossed I can fully decrypt the hdd and recover my current MBR.

Update: Sadly my 80gig and free space decrypting quicker theory has been disproved. It’s now at 38% left to go and hopefully will be sorted in the early hours of Tuesday morning (3.5 days to decrypt 250gig). Keeping everything crossed it keeps going and finishes, allowing me to fix the MBR and recover all my data / Laptop. Decryption takes a fraction of the time if the hdd is mounted as a slave on another system. Lesson learnt! From now on I’ll run two hdd and regularly clone (more on this to come in another post).

BootGuard, PGP's Recovery Disk
93% – Not going anywhere for a while…………..

Before starting a decrypt via the recovery CD I googled alternative options. If you have a second machine with the same version of PGP installed you can plug the hdd in as a slave (via a USB caddy) and use PGP on the local machine to decrypt the hdd. This is the fastest way, sadly I don’t have another machine with PGP installed.

Update: Plugging the hdd in via a USB caddy / as a slave in a second machine is a lot faster because the Recovery CD is limited to 16 bit processing. If in Windows / Linux or OSX the decryption process can be run at 32bit /64bit and takes a fraction of the time. With hind sight waiting for SC to get home and pinching her work laptop would have been a better bet. It’s at 83% now with a very slim chance of being finished by Sunday. At least it’s still going. No physical hdd errors, yet!

I used to backup an image of my machine but Windows 7 made this harder and since upgrading I’ve taken to using IBM’s could to backup all of my work and accepting that if I had a failure I’d need to get an additional machine from IBM and rebuild it. Having now tested this theory it doesn’t work!

The new plan
The Plan comes in two flavours: 1. Get a smart phone and 2. improve my laptop and return to weekly backups.

1. Smart Phone: 99% of my work calls are handled by VOIP but I’ve been toying with getting a smart phone for work as a backup access to my work email, calendar, instant messaging and terminal services. Four key components of my day job that I’m currently without due to my laptop decrypting. As a result I’ve bitten the bullet and ordered the Asus Fonepad. It’s not the best spec but a Galaxy Note II is out of the question at the moment. I hardly make calls on my work phone thanks to VOIP. If I did have to make a call I always have my iPhone5 with free minutes to make emergency work call while out and about. The concept of a 7inch tablet that doubles as an emergency phone for £180 delivered was too good to get hung up on the negatives (slower processor and you’d look like a sketch from Trigger Happy TV if you tried to make a call in public). I’ll post more on this in another blog after some usage.

Dom Jolly on a BIG phone!
I’m on the Train!!!!!!

2. SSD and Weekly Cloning: My boss has an SSD drive and the boot times + smoothness of operation have always appealed. I’ve been waiting since for a reason to rebuild the laptop to get one and this is it. I’ve ordered a Kingston Value 120gig drive after reading several reviews like this review:

The time it takes to boot my Thinkpad always frustrates me. Even since upgrading from 4 to 8 gig of RAM it’s still sometimes hangs while paging and under heavy loads. Hoping the SSD will also prove more reliable. My Thinkpad travel a lot, the one before clocked over 100k miles. Combined with being on 5 days a week, most weeks of a year, it’s no wonder hdd fails / issues like this occur. With no moving parts an SSD should prove more reliable. It also means I can keep my current drive as a spare (if it’s not beyond repair) and regularly clone the SSD as a backup. More on this to come after the SSD swap and hopeful recovery. A new backup strategy is required (feel free to suggest any ideas in comments, or to laugh at my expense).

For now the Thinkpad is slowly chugging away decrypting and I’m off out to recover and watch Knee High Perform:

Thanks to my teams’ efforts and with lots of phone calls the release has gone to UAT and we’ll go live first thing Monday morning. Wish me luck and for a working Thinkpad asap :D.