Locked out of TPM system after one unsuccessful attempt to log in

Article:TECH149086  |  Created: 2007-11-16  |  Updated: 2011-02-05  |  Article URL http://www.symantec.com/docs/TECH149086
Article Type
Technical Solution


Issue

On systems with Trusted Platform Module (TPM) Authentication enabled, a single attempt to log in with an incorrect passphrase at the PGP BootGuard screen sometimes leaves the disk "locked." PGP Whole Disk Encryption will then not accept the correct passphrase, and authentication will continue to fail until a certain amount of time has passed. This issue occurs only on systems with TPM Authentication enabled.

This issue may also occur when attempting to unlock the disk via the PGP Desktop user interface on a system using TPM. After typing an incorrect passphrase to unlock a disk, the disk cannot be authenticated and remains locked.

This applies to PGP Desktop 9.7.


Solution




Resolution

  • When a correct passphrase is not accepted after an incorrect passphrase has been typed, the cause can be additional security features implemented by the TPM system vendor that affect usage of the TPM. These can include an amount of time that must elapse before the passphrase will be accepted. Please consult the documentation for your TPM system for more information.

  • To unlock a disk after you have typed an incorrect passphrase in the PGP Desktop user interface, you must reboot the system.

When you encrypt a disk or partition using PGP Whole Disk Encryption, you can choose a method that determines how you will authenticate yourself to decrypt the disk. Trusted Platform Module (TPM) Authentication is one of the available options to use for authentication.

If Trusted Platform Module (TPM) hardware is available on your system, the option to use TPM with PGP Whole Disk Encryption is available. Adding a user with TPM means that the user can only authenticate to the disk on this particular system (the user is "locked" to the system). TPM can be used only with passphrase users and is compatible with the PGP Whole Disk Encryption Single Sign-On Feature. PGP Whole Disk Encryption is compatible with TPM version 1.1 or 1.2.



Legacy ID



841

