

BitLocker needs your recovery key to unlock your drive because Secure Boot policy has unexpectedly changed

Oh, the joy of wrong configurations!

Recently, a person brought us this laptop to “fix.”
The previous day, the owner performed some Windows updates, and after restarting, the machine got this error.
After inquiring with him, we got the following information:

  • He did not possess a BitLocker recovery key with a length of 48 digits.
  • He had never even attempted to set one up, save it anywhere, or copy it to a USB drive, nor had he ever printed it off.
  • He logged into his Microsoft and Azure account, receiving the message “You don’t have any BitLocker recovery keys uploaded to your Microsoft account.” even though his device was listed there.
  • He could not locate the recovery key after attempting to follow the instructions published by Microsoft.

If the information we got from that person is correct, then the last Windows update inadvertently caused him to lose all data that he had not backed up to external media or a service. (Cracking the BitLocker recovery key is, of course, out of the question for anyone who is not magical or extremely rich with unlimited resources.)

Our only pieces of advice are the following:

  • Wait a few days before updating your PCs. Although this is not a safe practice, it might give the people responsible for this issue some time to fix it with a hotfix patch or similar.
  • In the meantime, perform timely backups of your data to external media or services.
  • If you are familiar with the Windows OS ecosystem, check your BitLocker settings. If that service is active and you do not have the recovery key, disable it and then reactivate it. It will produce a new pair of passwords and recovery keys that you can save for future use.

Error mounting filesystem

After installing the ewf-tools the right way on a GNU/Linux Ubuntu machine, we executed the following command to create the ewf1 mounting point for our .E01 image:

mkdir /mnt/ewf;
ewfmount ./DISK.E01 /mnt/ewf/;

After the operating system created the mounting point, we opened the ewf1 file that appeared in /mnt/ewf/ using the Gnome Disk Image Mounter. This action made a new entry in the Gnome Disks Utility, showing our new disk.

After clicking on the play button (labeled Mount selected partition) we got the following error:

We then tried to use the terminal to gain more control over the mounting parameters. To proceed with the following commands, we copied the Device value, which was /dev/loop54p3 in this case.

$ mkdir /mnt/loc;
$ sudo mount /dev/loop54p3 /mnt/loc;
mount: /mnt/loc: cannot mount /dev/loop54p3 read-only.
$ sudo mount -o ro /dev/loop54p3 /mnt/loc;
mount: /mnt/loc: cannot mount /dev/loop54p3 read-only.
$ sudo mount -o ro,loop /dev/loop54p3 /mnt/loc;
mount: /mnt/loc: cannot mount /dev/loop58 read-only.
$ sudo mount -o ro,loop -t ext4 /dev/loop54p3 /mnt/loc;
mount: /mnt/loc: cannot mount /dev/loop58 read-only.
$ sudo mount -o ro,norecovery,loop -t ext4 /dev/loop54p3 /mnt/loc;

The command that worked for us was the following:

sudo mount -o ro,norecovery,loop -t ext4 /dev/loop54p3 /mnt/loc;

The parameter that did the trick was norecovery. norecovery/noload instructs the system not to load the journal on mounting. Note that if the filesystem was not unmounted cleanly, skipping the journal replay will lead to the filesystem containing inconsistencies that can lead to any number of problems. This problem occurred because the machine did not shut down properly before it had its image cloned, so after we mount, we might not get the latest state of the disk.
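The check below is an added example, not part of the original post: it reads the superblock summary printed by dumpe2fs -h and reports whether the journal still holds unreplayed transactions, which is the condition that makes a plain read-only mount fail on a read-only image. The function names and the sample headers are constructed for illustration.

```bash
#!/bin/bash
# Added example. Input is the text printed by `dumpe2fs -h <device>`.

# Constructed sample: image of a machine that was not shut down cleanly.
# Note that "Filesystem state" still says clean; the needs_recovery
# feature flag is what records the pending journal.
SAMPLE_DIRTY='Filesystem magic number:  0xEF53
Filesystem features:      has_journal ext_attr dir_index filetype needs_recovery extent 64bit
Filesystem state:         clean'

# Constructed sample: same filesystem after a clean unmount.
SAMPLE_CLEAN='Filesystem magic number:  0xEF53
Filesystem features:      has_journal ext_attr dir_index filetype extent 64bit
Filesystem state:         clean'

# Constructed sample: filesystem created without a journal.
SAMPLE_NOJOURNAL='Filesystem magic number:  0xEF53
Filesystem features:      ext_attr dir_index filetype sparse_super
Filesystem state:         clean'

# Print "pending", "clean" or "none" for the journal described by a header.
journal_status() {
  features=$(printf '%s\n' "$1" | sed -n 's/^Filesystem features:[[:space:]]*//p')
  case " $features " in
    *" needs_recovery "*) echo pending ;;
    *" has_journal "*)    echo clean ;;
    *)                    echo none ;;
  esac
}

# Print the mount options for a read-only mount of the image.
# A pending journal cannot be replayed on a read-only device, so it is skipped.
forensic_mount_opts() {
  case "$(journal_status "$1")" in
    pending) echo "ro,norecovery" ;;
    *)       echo "ro" ;;
  esac
}

# Usage: script.sh /dev/loop54p3 /mnt/loc
if [ "$#" -eq 2 ]; then
  header=$(sudo dumpe2fs -h "$1" 2>/dev/null)
  echo "journal: $(journal_status "$header")"
  sudo mount -t ext4 -o "$(forensic_mount_opts "$header")" "$1" "$2"
fi
```

When the status is pending, the mounted view is the on-disk state without the journalled changes, so record that fact alongside the evidence.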


How to access VMFS Datastore from Ubuntu GNU/Linux

Suppose the ESXi host fails, but the server’s local disk or disks are still operational. In that case, it is always possible to copy the virtual machine files (both data drives and configuration files) from the VMFS datastore and run the VM on a different server (even on VMware Workstation or Hyper-V). The most significant issue is that widely used operating systems, such as Windows and Linux, do not have a VMFS driver, so they cannot automatically recognize a partition that has the VMFS file system.

To mount a VMFS file system on Ubuntu, we will need to install the vmfs-tools package.

sudo apt-get install vmfs-tools;

Then, we need to create a folder where we will perform the mount later on:

# The folder does not have to be in the /mnt path; it can be anywhere on your file system where you have access.
sudo mkdir /mnt/vmfs;

Following that, we need to identify the disk we want to mount. There are two popular ways to do so, and the first is by executing the command fdisk -l on the terminal, which will show all physical disks attached to your system. You will get results that are similar to the ones below:

sudo fdisk -l;

...

Disk /dev/loop51: 884,85 GiB, 950075898880 bytes, 1855616990 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

From these results, the drive’s path is essential information for us. In this case, it was /dev/loop51.

The second method is to use the Gnome Disks Utility:

When you start the application, you will get an image similar to this:

If you have a physical VMFS datastore hard drive, it will appear on the list on the left. You will get more information on the right panel by clicking on it. The critical information is the value after the label Device. In this case, the vital value was /dev/loop51.

If you do not have a physical drive but an image of a drive, you can attach it by clicking on the menu button with the three lines on the top left and then selecting the Attach Disk Image... (.iso, .img) option. A new window will open, allowing you to navigate and find your image file.

After we acquire the path to the physical drive or the image file, we can mount it using the following command:

sudo vmfs-fuse /dev/loop51 /mnt/vmfs;

In case you get the following error:

VMFS: Unsupported version 6
Unable to open device/file "/dev/loop51".
Unable to open filesystem

Then, you need to install the package that can handle VMFS version 6. To install, use the following command:

sudo apt-get install vmfs6-tools;

Trying again to mount, this time with the tools that are appropriate for version 6, should do the trick:

sudo vmfs6-fuse /dev/loop51 /mnt/vmfs;

To unmount, we need to execute the following:

sudo umount /mnt/vmfs;

GNU Linux/Bash: A function that splits a word in half

The following function takes one argument – a text file.
The text file should contain one word on each line.
The function reads the text file (argument) line by line.
Then it checks if the line has one word; if this is true, it splits the word in half.
Finally, it prints the two new words with a space between them.

#!/bin/bash

splitWordsInHalf () {
  # This function takes one argument - a text file.
  # The text file contains one word on each line.
  # It reads the text file (argument) line by line.
  # Then it checks if the line contains one word, if this is true, it splits the word in half.
  # Finally, it prints the two new words with a space between them
  # -r keeps any backslashes in the input literal.
  while read -r line
  do
    # Left unquoted on purpose: word splitting turns the line into an array.
    words=( $line )
    if [ "${#words[@]}" -eq 1 ]
    then
      # Quoted so the two halves are printed exactly as they were read.
      echo "${line:0:${#line}/2} ${line:${#line}/2}"
    fi
  done < "$1"
}

splitWordsInHalf input.txt

Example

Using the following input file:

banana
apple
ball
car
door

We will get the following output when we execute splitWordsInHalf input.txt:

ban ana
ap ple
ba ll
c ar
do or

Notes

The following parts of the code are in charge of looping over the data of the incoming file. The parameter (the input file) given to the function is available inside the function as $1. The while loop gets one line of text on each iteration and assigns the text to the variable that is named line. You could have chosen any other name that suits you instead of the word line.

splitWordsInHalf () {
  while read -r line
  do
    ...
  done < "$1"
}

The next part of the code (words=( $line )) converts the string value that is contained in the line variable into an array of words, and it assigns that array to the variable named words. Then, it counts the number of elements in the array (the number of words in the line) using ${#words[@]} and it checks that there is only one item.

words=( $line )
if [ "${#words[@]}" -eq 1 ]
then
  ...
fi

The following line will print two strings. The first string is a sub-string of the variable line that is composed of the first half of the value. The second sub-string is the second half of the value contained in the variable named line.

echo "${line:0:${#line}/2} ${line:${#line}/2}"

The ${#line} will return the length of the string contained in the variable.

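The structure ${VARIABLE:START:LENGTH} defines the slice of the string that we want returned: LENGTH characters beginning at offset START. When LENGTH is omitted, as in the second expansion above, the slice runs to the end of the string.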