Video Screencast Help

Do NOT encrypt if you're running the latest Macs powered by Intel's Ivy Bridge CPUs

Created: 19 Jun 2012 • Updated: 05 Nov 2012 • 30 comments
Kelvin_Kwan's picture
-1 3 Votes
Login to vote

If you recently purchased a MacBook Air (Model 5,2) or a MacBook Pro (Model 10,1), do NOT encrypt your laptop with the current release of PGP Whole Disk Encryption for Macs (10.2.1 Build 4461).

These are the latest Macs just released by Apple based on the Ivy Bridge Processors from Intel.

Based on our QA testing thus far, we are observing these Macs not booting properly after authenticating the PGP WDE Bootguard screen. Our engineers are aware of the problem and are busily working on a solution to this.

Please check back to this blog for the latest updates.

UPDATE:
7/17/2012 @ 1:57 PM PST - Hot off the presses from engineering.  A hotfix to address this issue should be available by the end of July or beginning of August.  I will update this posting with any follow-up information that I have.  Thanks for your patience and understanding. 

8/3/2012 @ 4:23PM PST - Per PGP_Ben's post below, a hotfix is available as of now.  You must however contact support to receive this hotfix due to laws pertaining to encryption.  This hotfix is called 10.2.1 MP2HF3.  Here's a KB link for a little bit more information.  http://www.symantec.com/business/support/index?page=content&id=TECH191890

9/17/2012 @ 8:27PM PST - I just received an email from one of our Support Engineers indicating that the Ivy Bridge CPU/Chipset is now supported.  You will need to be running 10.2MP3 for proper support.  Please download this from FileConnect.  Thanks for everyone's patience.

Comments 30 CommentsJump to latest comment

LMV122's picture

I then read online, went as far as burning the ISO image of the PGP 10.2 recovery disk and tried to get the Macbook Air to reboot from the attached superdrive to no avail.

Please help! That is the only instance of a good amount of my critical data which I was in the process of organizing into a time capsule prior to rebooting and encountering this error.

This all happened during the course of my installing all the required programs in order to use my Macbook air as a work computer.

-2
Login to vote
Pdizzle's picture

Just encrypted my brand new E6430 from Dell with PGP 10.2 MP5 and then upon rebooting i'm stuck... so don't encrypt any hardware with the new Ivy Bridge Chipset.

+10
Login to vote
mrice23's picture

This also looks like it affects the latest MBP 15 inch (9,1). It does use Ivy Bridge, but is not listed in the post above.

+2
Login to vote
Bob.DeSilets's picture

I'm following up on this issue as we just ran across it with a new MacBook Air.  Is there any update on this problem or estimated time for resolution?

Thank you

 

 

0
Login to vote
tech_droid's picture

Is it safe to assume that the fix for this will probably happen after the release of Mountain Lion?

0
Login to vote
PGP_Ben's picture

Hi Bob and company, Engineering is still working dilligently on finding a solution. I have heard some rumors of possible workarounds that you could try:

- some customers report that the bootguard screen is still there, but it goes to a dark grayish screen and putting in your passphrase and hitting enter will get you past there

- engineering confirmed that doing an bootguard bypass upon reboot allows you to boot up the machine

pgpwde --add-bypass --disk 0 (or boot disk number) -ap or pgpwde --add-bypass --disk 0 --wdrt (with wdrt instead of admin passphrase)

I will work hard to make sure that our KB and the forum post is updated as we have more info.  Please be aware that you are not alone and many other customers are affected by this issue so it's priority 1 for us right now.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

+1
Login to vote
simbrain's picture

Yep. It's no great surprise, but my spanking new MacBookPro Retina 10,1 is failing to boot with PGP Desktop WDE. God knows how many full reinstalls of OSX and Windows 7 in Boot Camp I have done to try to get it working with plan Bs that didn't work either.

But at least with a few keywords in here, people might find the problem sooner than I did. After what I have been through, there's no way I am trying possible workarounds. I just don't have the time to spare.

+2
Login to vote
mclemens's picture

I'm not sure about other users but my team and I are at a stand still until this is resolved.  Is there no ETA on a solution that doesn't involve bypassing the bootguard?  It is nearing a month now and all I have seen is "we are looking into it" type responses.

-1
Login to vote
Kelvin_Kwan's picture

All,
As I have updated in the original posting above, a hotfix to address this issue should be available by the end of July or beginning of August. 

Thanks for your patience and understanding. 

+1
Login to vote
mclemens's picture

you are going to come out with a fix just in time for pgp to be broken again by mountain lion :P

+3
Login to vote
skyit's picture

Is this fixedf with the July 24th release?

The new file is called PGPUniversal3.2.1MP2_PUP.zip

 

-8
Login to vote
sven_frank's picture

PGPUniversal3.2.1MP2_PUP.zip => No Ivy Bridge Mac Support

PGPUniversal3.2.1MP3_PUP.zip => Will contain Ivy Bridge Mac Support

 

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

-4
Login to vote
PGP_Ben's picture

10.2.1/3.2.1 MP3 will be generally available for customers within the next month.  Support has a hotfix available for customers now which is 10.2.1 MP2H3 if you wish to receive this hotfix you will need to open a support case through Symantec due to government laws concerning encryption.

Correction: MP2HF3 is the correct release. I edited the above comment to reflect this.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

+1
Login to vote
patphan's picture

Ben,

I cannot create a support ticket because it errors out with an application error. Can you provide me with a link for the download please?

+4
Login to vote
RicknTX's picture

Hi,

We tried this hotfix as released by Symantec Tech Support.  It did not work on our model (MD103LL/A) Ivy bridge procs.  

The latest update we received today points the finger back to Apple indicating that our BootROM would have to now be updated by Apple.  The evidentally applies to all MacBookPro9,1;MacBookPro9,2 models.

Apple states that they have no updates pending (at least that they can comment on) and it doesn't appear that the two companies are actively working things.  

So now, with the 3.2.1MP3 due out very soon from PGP/Symantec we're left hanging in between two companies pointing fingers at each other..   

So now what....????  

0
Login to vote
mrice23's picture

HF3 worked on 13 inch, not 15 inch. We were told "end of July or beginning of August" but this does not seem to have been the case.

-4
Login to vote
tech_droid's picture

Looks like the update finally posted yesterday, time to update the server and give it a try.  10.2.1 MP3 / 3.2.1 MP3.

http://www.symantec.com/business/support/resources...

~  TD

0
Login to vote
RicknTX's picture

We were told by Tech Support that until Apple releases a new BootROM to allow Symantec to address the drives it is still a mute point.

So....  Great to hear there's a patch, but sorry to hear we're waiting on Apple to do their part....  

 

 

0
Login to vote
PGP_Ben's picture

That is an "edge case" if you will. It's only specific Macbook Pro's on the  MBP91.00D3.B02 rom that we have seen this on so far. We currently have a ticket open with Apple working through those issues and if a code change is needed on our end we have hopes that we can get it into our next MP which will be addressing 10.8 compatability issues as well.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

+6
Login to vote
mrice23's picture

having no luck encrypting a 15-inch, Mid 2012 2.6 GHz Intel Core i7 MacBook Pro with MP3. Anyone able to do this?

0
Login to vote
shelster's picture

So what do I do now that my IVY Bridge brand new Retnia MBP is unusable?  I started a ticket but it timed out.  HELP!!!!! I'm on my wifes machine and she's killing me everytime I get on it.  Help!

 

+4
Login to vote
simbrain2's picture

@Shelster There are a couple of ways you can get it running safely, but neither as elegant as how PGP WDE should work.

If you run Parallels, then you should migrate your Boot Camp partition to an expanding drive under OSX. Parallels has some tools to help you do that, but I did a fresh install. Then you simply use the built-in encryption in OSX.

If you don't need the OSX function, then simply wipe the disk and use a standard windows encryption tool. The first "free open-source disk encryption software" I tried worked for a whole disk encryption at boot.

Always rememember to back up disk images before performing open heart surgery, and do this at your own risk.

-2
Login to vote
shelster's picture

@simbrain2 thanks for your reply, however I want to keep my data!  I do have a clone from 4 weeks ago, however there MUST be an easier way to fix these boot files.  I'm not willing to reformat.  I can't share why but it's not an option for me.  I MUST get to my data.  FYI, I my clone using carbon copy is not working for some strange reason now.  Not sure if the thunderbolt cable to firewire800 is the problem or the USB 3.0 is the problem, but both don't boot or show up when i hold down the option key.

Here is what stinks!   I can't file a claim to get that HOTFIX, because the Symantec site gives me errors! I've been trying for a few hours now over 20 times on 3 different browsers.  I'm logged into Symantec's customer support, and even had a chat with the person, but neither was successful, and chat support claimed they could not see my chat after 10 minutes.  I'm mean really.....does it have to be this hard to get a file or hot fix or even just contact support.  I'm getting really upset here.....ok.....I'm really angry at this point.  I've used PGP for over 5 years now and I'm not liking where this is headed and I'm ready to pull the plug for our whole company to stop using it if I don't get answers or have someone contact me within the next 24 hours.  It's one thing to have a problem but not be able to file a claim is ridiculous!

-2
Login to vote
simbrain2's picture

@shelster, try getting the data off it by starting it target disk mode and accessing it from another computer. Good luck. I wasted about two whole days on this before giving up, but luckily my data was not at risk.

+1
Login to vote
shelster's picture

@Simbrain2 Okay, I hope it works!  Thanks for the tip, I'm now decrypting the laptop (Retnia) via my old laptop that I was about to reformat and sell.  So I was able to access it via firewire-thunderbolt, for some reason my thunderbolt to thunderbolt cable did not work.  So it says it's gonna take 5 hours 41 minutes.  Do you think it will leave any extra files after i decrypt it?  Will I have to replace the efi files?

I'm hoping it will just work!

Then again I'm awaiting the hotfix from ben.

+8
Login to vote
simbrain2's picture

@shelster, with any luck, it will just work, but I'm only guessing. Worst case scenario is you copy off the files and reformat. As a result of all this, and trying different configurations, my unit no longer has its recovery partition (and is still a bit flaky with internet recovery), but a fresh install of Lion or Mountain Lion on a bare disk will at least give you the EFI files.

I'm really happy with the machine now, and I've got used to keeping the Windows drive as a virtual expandable disk, with data kept on the OSX side and shared. It is not as stable as my PC before, but it's still a great machine, and FV2 works very transparently, both with the boot drive and external units.

-2
Login to vote
shelster's picture

@simbrain2, @pgp_ben,

Okay, it worked!!!! So let me describe how I fixed it.

With the help of @simbrain2, I used my old laptop (Still running) PGP WDE 10.2.1 (non-MP3) and used my Firewire cable + Firewire/Thunderbolt to connect to my retnia stuck machine.  Keep in mind this retnia stuck machine had been encrypted with 10.2.1 MP2 while on Lion 10.7.4.  

After connecting the cables, I booted the Retnia holding the "T" for the Thunderbolt cable to be active, it brought up the firewire cable on the grey screen.  FYI, when I went from Thunderbolt to Thunderbolt that cable did not work.

Then I fired up my old laptop 2010 model MBP, it immediately recognized the attached Rentia hard drive as an external drive, and brought up the pw.  I typed in the pw and followed the normal steps to decrypt it.  

5:41minutes later it was decrypted.  Whew!!!!!!

The reason I installed 10.2.1 MP2 was because I was running succussfully 10.2.1 on my lion 10.7.4 2010 MBP.  Also seeing the success of others gave me comfort it was fine.  But now realzing that the IVY Bridge may have been the problem or as Ben says they added some new things in there. 

So all to say my data is safe and thank goodness, I didn't reformat!

FYI, none of those recovery CD's worked by the way!  Just to encourage you PGP folks to test those recovery cds.

 

+10
Login to vote
Kelvin_Kwan's picture

Quick update.  I edited the original post above.  Long story short:

9/17/2012 @ 8:27PM PST - I just received an email from one of our Support Engineers indicating that the Ivy Bridge CPU/Chipset is now supported.  You will need to be running 10.2MP3 for proper support.  Please download this from FileConnect.  Thanks for everyone's patience

+1
Login to vote
shelster's picture

Oh boy!  does this affect the 10.7.5 that Apple just released today? Apple has also just updated the EFI.  So how does this affect this version 10.2.1 MP3 running on 10.7.5 OSX?

+2
Login to vote