Symantec Drive Encryption [Formerly PGP Whole Disk Encryption] Recovery on Macintosh using Target Disk Mode
Article: TECH149514 | Created: 2009-08-13 | Updated: 2013-04-25 | Article URL: http://www.symantec.com/docs/TECH149514
If you are unable to boot a Macintosh system which has been encrypted with Symantec Drive Encryption, you can use Target Disk Mode to troubleshoot or decrypt the drive.
Most newer Apple systems support Target Disk Mode, which allows the computer to be slaved to another Macintosh so that its drive contents can be accessed. The Apple system must have FireWire or Thunderbolt ports to use Target Disk Mode.
(NOTE) As of April 2013, slaving an encrypted drive using Thunderbolt to Thunderbolt is not supported. You can use a Thunderbolt to FireWire adapter to connect a Thunderbolt-enabled machine to an older Apple computer that has FireWire support. Please see TECH201009 for more information on when this will be supported in the future.
The master machine must have Symantec Encryption Desktop installed and licensed for Symantec Drive Encryption. Once the slave computer is booted in Target Disk Mode and connected to the master machine, Symantec Encryption Desktop will detect the encrypted drive and request the passphrase for the problem computer to unlock the drive. Once the drive is authenticated, it will appear as an attached volume on the master Apple system just as any other external storage device.
At this point, you may access the data on the problem machine, copying the data if necessary to another device. You may also use Symantec Encryption Desktop or the pgpwde command line tool (in the Terminal app) to decrypt the drive, so long as the consumer policy on the master Apple system allows decryption. Alternatively, if a WDE admin passphrase user was used to encrypt the drive, you may use those credentials to decrypt the drive.
For example, to decrypt a drive from the pgpwde command line, run the Terminal application located in Applications>Utilities. From there you can see which encrypted drives are attached, check the status of a disk, unlock a disk for access or decrypt it, among many other useful troubleshooting tasks.
To list the disks currently attached to the computer:
Boot disks are typically labeled 'disk 0'.
To check the encryption status of a drive:
pgpwde --status --disk n
Where 'n' is the number of the disk you wish to query.
To access the disk if Symantec Encryption Desktop did not prompt for the passphrase:
pgpwde --auth --disk n --passphrase "passphrase here"
Where 'n' is the disk you wish to access. This unlocks the drive, making it possible to copy the data from the problem disk to another storage device.
To decrypt a disk use the following command:
pgpwde --decrypt --disk n
If any of the above commands cannot be found, even though Symantec Encryption Desktop is installed, it may be necessary to run the commands from the /usr/local/bin directory:
cd /usr/local/bin/
./pgpwde --help
The Symantec Drive Encryption Command Line Guide can be found in the related article section below.
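The status and unlock steps above as one guarded script, added here as an example and not Symantec's own code: it finds pgpwde on the PATH or in /usr/local/bin, refuses disk 0 so the master machine's own boot disk is never the target, and prompts for the passphrase instead of having it typed into the shell history. The function names and the PGPWDE and WDE_PASS variables are assumptions of this example; only pgpwde flags shown in this article are used.

```shell
#!/bin/sh
# Added example, not Symantec's code. Uses only pgpwde flags from this article.
# PGPWDE and WDE_PASS are this script's own variables (assumptions).

# Locate pgpwde: explicit override, then PATH, then /usr/local/bin.
find_pgpwde() {
    if [ -n "${PGPWDE:-}" ]; then printf '%s\n' "$PGPWDE"; return 0; fi
    if command -v pgpwde >/dev/null 2>&1; then command -v pgpwde; return 0; fi
    if [ -x /usr/local/bin/pgpwde ]; then echo /usr/local/bin/pgpwde; return 0; fi
    return 1
}

# Accept only a plain disk number and refuse 0: boot disks are typically
# disk 0, which on the master machine is its own drive, not the target.
valid_target_disk() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ne 0 ]
}

# Prompt without echo so the passphrase never lands in shell history.
# It is still handed to --passphrase as in the article, so it is visible
# in the process list while pgpwde runs.
read_passphrase() {
    printf 'Passphrase for disk %s: ' "$1" >&2
    trap 'stty echo; exit 130' INT TERM
    stty -echo; IFS= read -r WDE_PASS; stty echo
    trap - INT TERM
    printf '\n' >&2
}

# unlock_disk N: print the encryption status, then authenticate disk N.
unlock_disk() {
    valid_target_disk "$1" || { echo "refusing disk '$1'" >&2; return 2; }
    wde=$(find_pgpwde) || { echo "pgpwde not found" >&2; return 3; }
    # The status output is shown for the operator, not interpreted here.
    "$wde" --status --disk "$1" || true
    [ -n "${WDE_PASS:-}" ] || read_passphrase "$1"
    rc=0
    "$wde" --auth --disk "$1" --passphrase "$WDE_PASS" || rc=$?
    unset WDE_PASS
    return "$rc"
}

# Run only when a disk number is given, e.g.: sh unlock_target.sh 1
if [ "$#" -gt 0 ]; then unlock_disk "$1"; fi
```

Decryption is left as a separate, deliberate step: once the status output confirms the right disk, run the pgpwde --decrypt command shown above by hand.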
PGP WDE doesn't support the Thunderbolt interface in Mac OS X