Using Boot Camp with PGP Whole Disk Encryption and Symantec Drive Encryption

Article:TECH149590  |  Created: 2009-10-13  |  Updated: 2014-01-27  |  Article URL http://www.symantec.com/docs/TECH149590
Article Type
Technical Solution


Issue



This article details how to use Boot Camp with Symantec Drive Encryption and PGP Whole Disk Encryption.

If upgrading an existing installation of PGP Desktop with Boot Camp to version 10.2 or later, see this article 

Warning: If PGP Whole Disk Encryption\Symantec Drive Encryption is upgraded on one of your operating systems (Windows or Mac OS X) with Boot Camp that is encrypted, be sure to boot into the other partition and upgrade the PGP Whole Disk Encryption\Symantec Drive Encryption software there as well.  Each operating system partition must use the same version on each boot partition.  This is due to the Windows installer and PGP Whole Disk Encryption\Symantec Drive Encryption installation, which takes care of updating the BootGuard data for the Windows partition and the Mac OS X installer and PGP Whole Disk Encryption\Symantec Drive Encryption installation updating the PGP BootGuard data for the Mac OS X partition.


Environment



PGP Whole Disk Encryption 10.x to 10.1.x (if PGP Whole Disk Encryption 10.2 is being upgraded, see TECH163970).

Note: To use Boot Camp with Symantec Drive Encryption/PGP Whole Disk Encryption, you must install Symantec Encryption Desktop 10.3.1 or earlier.

Caution: Starting from version 10.3.2, Symantec Encryption Desktop is not compatible with Apple Boot Camp on any Apple Mac OS X system. For more information, see TECH212700 (Upgrading Symantec Encryption Desktop to version 10.3.2 on Macintosh systems enabled with Apple Boot Camp).


Solution



In order to have full read/write functionality between partitions, the file system must be readable by Mac OS X.  Microsoft recommends NTFS for Windows XP for optimal security which is not natively supported by Mac OS X.  Apple recommends FAT for maximum compatibility regarding this issue.  For Windows Vista and Windows 7, both Microsoft and Apple direct users to install the operating system using NTFS.

To read/write data to the Windows partition from Mac OS X (this includes encryption of the Boot Camp Windows partition for Symantec Drive Encryption for Mac), a 3rd party NTFS driver must added to Mac OS X to support this operation.

Before beginning, be sure Boot Camp is installed correctly. For more information on Boot Camp installation, click here for an Apple Support page.
 

Warning: Windows XP on NTFS is not supported with Boot Camp and Symantec Drive Encryption on any version.

 

Initial installation of Symantec Encryption Desktop and Boot Camp

  1. Close all open applications.
  2. Run the Boot Camp Assistant located in the /Applications/Utilities/ folder.
  3. Create a partition on the disk for Windows.

    Warning: Do not install Windows at this time.
     
  4. Install Symantec Encryption Desktop and authorize the software.
  5. Run the Boot Camp Assistant and install Windows on the previously created partition.

    Caution: Follow the Boot Camp instructions carefully. During the installation of Windows Vista, you will be prompted to reformat the default Boot Camp partition to use NTFS instead of FAT32, be careful to format the correct partition.
     
  6. Install Symantec Encryption Desktop for Windows on the Windows operating system.
  7. Reboot the system into the Mac OS X.
  8. Open Symantec Encryption Desktop and perform Symantec Drive Encryption

 

Install Symantec Encryption Desktop with an established Boot Camp installation

  1. Install Symantec Encryption Desktop for Windows.
  2. Reboot the system to Mac OS X.
  3. Install Symantec Encryption Desktop for Mac OS X.
  4. Perform Symantec Drive Encryption.

 

Running the Boot Camp Assistant on a system with Symantec Encryption Desktop

  1. Decrypt the disk. Boot Camp cannot be installed on an encrypted disk. The disk must be formatted as a single HFS partition to use the Boot Camp Assistant.
  2. Run the Boot Camp Assistant to include support for Windows.
  3. Install Windows.

    Caution: Follow the Boot Camp instructions carefully. During the installation of Windows Vista, you will be prompted to reformat the default Boot Camp partition to use NTFS instead of FAT32, be careful to format the correct partition.
     
  4. Install Symantec Encryption Desktop for Windows. Do not encrypt the disk.
  5. Reboot the system to Mac OS X.
  6. Perform Symantec Drive Encryption.

Note: It is okay to wait for Symantec Drive Encryption to complete or encryption can be paused and restarted.

Warning: Perform the Symantec Drive Encryption *only* from the Mac OS X operating system.  Symantec Drive Encryption tasks should never be performed on the Windows side.  If Running a managed Symantec Drive Encryption client, and auto-encrypt is enabled, there is a risk that encryption could be performed on Windows, which could result in an unbootable machine, so take caution if using this setting so that encryption is done only on the Mac operating system.




Legacy ID



1697


Article URL http://www.symantec.com/docs/TECH149590


Terms of use for this information are found in Legal Notices