Bootable drive cannot be found after restarting Mac with connected external devices that are protected by OS X FileVault.
|Article:TECH185289|||||Created: 2012-03-29|||||Updated: 2013-03-06|||||Article URL http://www.symantec.com/docs/TECH185289|
After connecting an external hard drive that is protected by OS X FileVault to a Mac whose boot drive is encrypted with PGP WDE, the PGP Desktop application stops responding. The WDE driver is being disabled due to known compatibility issues with PGP WDE and OS X FileVault. If the external disk remains plugged in and you reboot the Mac, you will get the an error during the next bootup.
A slashed "0" sign (circle with a line through it) or "null" symbol will be displayed once the system reboots with the external drive protected by FileVault still connected
Any supported computer with OS X 10.7.x or above.
PGP Whole Disk Encryption 10.2 through Symantec Drive Encryption (formerly known as PGP Whole Disk Encryption)version 10.3.0 (Build 8741).
This issue has been resolved in Symantec Drive Encryption 10.3.0 MP1 (build 9060) and above. Using a FileVault-Encrypted external drive will no longer cause a Mac system to become unbootable, and will not display the "null" symbol any longer.
If upgrading to Symantec Drive Encryption is not immediately possible, the following are known cases and workarounds:
Case 1: You have a Mac whose boot disk is currently encrypted using PGP WDE. You insert an external disk protected by FileVault. Some reports have been made that ejecting the external disk may allow proper booting, however in recent builds of PGP Whole Disk 10.2.1 software, this does not always work. If the system is Whole Disk Encrypted, and an External Drive has been connected to the system, run the following command:
ls -aln /System/Library/Extensions/PGPwde.kext
If the return is "No such file or directory", then rebooting the system at any point will most likely result in the system not being bootable.
This scenario also applies to using Time Machine backups that have been encrypted with FileVault. If the Time Machine backup has been encrypted and the Mac system has been encrypted with PGP Whole Disk Encryption, do not plug in the external drive.
If the system will not boot after connecting one of these FileVault-encrypted external drives, decrypting the Boot drive with a PGP Whole Disk Encryption recovery CD, or decrypting the disk using Target Disk Mode will allow proper booting of the system.
Case 2: You have a Mac whose boot disk is NOT currently encrypted using PGP WDE. You insert an external disk protected by FileVault. After ejecting the external disk, the WDE functionality is not automatically re-enabled. To restore WDE functionality using the Terminal, run the following commands:
$ sudo su -
<enter user's password>
# mv /Library/Application\ Support/PGP/PGPwde.kext
# touch /System/Library/Extensions
# kextcache -v -u /
In versions of PGP Whole Disk Encryption 10.2.1 MP4 and above, this does not seem to be a problem and the PGP WDE drivers will continue to be enabled until an external drive that is plugged in, at which time, the PGPwde.kext will not exist in that directory as it has been unloaded. If this is the case, decrypting the boot drive should allow for proper booting.
Case 3: You have a Mac whose boot disk is NOT currently encrypted using PGP WDE. You insert an external disk protected by FileVault. After ejecting the external disk, the WDE functionality is not automatically re-enabled. To restore WDE functionality WITHOUT using the Terminal, you must reinstall PGP Desktop. You do not need to uninstall the current installation first.
This does not seem to be an issue with PGP Whole Disk Encryption 10.2.1 MP4 and above. Using a FileVault-encrypted External Drive should continue to function, as well as the PGP Whole Disk Encryption functionality, however using PGP Whole Disk Encryption will cause the system to not boot.
Case 4: You have a Mac whose boot disk is currently encrypted using PGP WDE. You insert an external disk protected by FileVault. You reboot with the external drive still connected, not having ejected the disk from the system.
2. Open Terminal. At the prompt type:
$ sudo chroot /Volumes/<name of the mounted disk>
For example "sudo chroot /Volumes/Macintosh\ HD". Because of the chroot command all of the following commands affect the mount volume and _NOT_ your host system. Do not skip this step!
3. Type the following:
# cd /System/Library/Extensions
# mv PGPwde.kext /Users/Shared/
# cd /System/Library/Caches/com.apple.bootstamps/ (<tab> (press the tab key, then enter)
You should now be in a directory named as follows:
# rm \:System\:Library\:Caches\:com.apple.kext.caches\:Startup\:kernelcache
# cd /System/Library/Caches/com.apple.kext.caches/Startup
# rm kernelcache
If the above workaround to remove boot cache files as does not help, and the PGPwde.kext is not found in the location specified, using Target Disk Mode or using a Whole Disk Recovery CD to fully decrypt the system will allow proper booting of the drive. Although this operation is not convenient, it will allow access into the system.
Article URL http://www.symantec.com/docs/TECH185289