The Chicken or the Egg -- Why You Should Decrypt Before Upgrading to OS X Lion
Now before I begin “The Chicken or the Egg” portion of the blog, I want to address an issue that many people are asking or wondering. “Why must I first decrypt before upgrading to Lion?” Well there are many reasons. However, one of the biggest reasons is that in Lion, Apple has added Recovery Partition Support. This Recovery Partition allows you to perform repairs and recovery to your Mac without having to find the DVD that came with your Mac. This is important, because whenever your system is encrypted, it is NOT advisable to create, resize, or move partitions. This is regardless if you’re running OS X, Windows, or Linux. Bad things (e.g. Data integrity issues) tend to happen when encrypted and you do partition modifications. So, Symantec has stated that you must first decrypt, and uninstall PGP Desktop or SEE Full Disk Edition (FDE) before upgrading to Lion.
Now back to The Chicken or the Egg…
So a lot of people are probably wondering what happens if you upgrade to OS X 10.7 (Lion) while still encrypted with either PGP Desktop or SEE Full Disk Encryption (FDE) for Mac. Our QA team here at Symantec has been busily testing PGP Desktop and SEE FDE against various Lion Preview Versions of OS X 10.7. Some of these tests include PGP Desktop and SEE FDE installed on OSX 10.6.x and upgrading to 10.7 while encrypted, and a clean 10.7 install and then installing and encrypting with PGP Desktop and SEE FDE. There is a large matrix of test scenarios that need to be thoroughly vetted to ensure the best possible user experience. This is why Symantec has recommended that users DO NOT upgrade to OS X 10.7 yet. Please allow us more time to test and adjust the code as necessary.
I’m sure some of you are curious to wonder what we have seen thus far in our testing (and may be afraid to try it on your own systems). Well you’re in luck; I’ve had some conversations with QA to see what some of the behaviors they have been observing during testing. Here are a couple of the more interesting results we have seen in our testing.
- 1. If the Mac is already encrypted by PGP Desktop, or SEE FDE, and you attempt to update to Lion, the Lion installer will fail. This is because Lion is unable to find a valid disk to install on. Thus, you can’t install Lion at all. (This is actually a good thing since it prevents you from possible data integrity issues with an accidental install/upgrade of Lion.)
- 2. The Mac is not encrypted, but PGP Desktop or SEE FDE is running. You would be able to upgrade to Lion through either the App Store or the Lion installer DVD. Upon the first reboot after the Lion upgrade, the user will be prompted with an “Install Java Runtime in order to run PGP Desktop” message. If you choose not to install Java runtime, PGP Desktop or SEE FDE will not run properly. If you choose to install Java runtime, then PGP Desktop and SEE FDE will run properly. (Note: I have not heard what happens if you try to encrypt at this point. I would not recommend finding out on your own either.)
Please note that tests are being run against various versions of Lion Preview. The behavior has been known to change between different versions of Lion Preview. Until we have a Gold version, testing cannot be 100% completed, and thus an approved version of PGP Desktop or SEE FDE for Macs would not be immediately available. Believe me, we want to have a version of PGP Desktop and SEE FDE approved for Lion as soon as possible as well.
So, please be patient with us as we test and address any compatibility issues we encounter during this process. After all, I too have selfish reasons for an approved version. I want to install Lion on my encrypted MacBook as well.