Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

10.6.8 update breaks pgp

Created: 23 Jun 2011 • Updated: 24 Jun 2011 | 84 comments
This issue has been solved. See solution.

Just updated to 10.6.8 with pgp wde and now won't boot.

Get the White screen and apple logo but it turns into a grey circle with a line through it.

Same issue as 10.6.5?

Comments 84 CommentsJump to latest comment

PGP_Ben's picture

PGP Desktop 10.1 Sp1 specifically addresses the issue where 10.6.5 overwrites the PGPBoot.efi file with mac's boot.efi file. This means that any machines updated to 10.6.8 will see the same behavior (if not on PGP Desktop 10.1 SP1 or newer).  Because Apple, like every other software vendor. Incorporates their previous fixes into new releases.

You are FOR SURE going to see this problem if you are not on 10.1.0.1130 or newer. I recommend that be on version 10.1.2 SP3 (wich is 10.1.2 build 50)

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

alexpayne's picture

I'm running 10.1.1 [Build 10]. Is it safe to upgrade to 10.6.8?

PGP_Ben's picture

No, 10.1.1 Build 10 is not SP1. I would recommend that everybody upgrades to 10.1.2 SP. We have seen issues with the update combo for 10.6.5 on 10.1 Build 10 releases as well

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

skerb1's picture

Ben,

Just to be clear, version 10.1.2 [Build 9] did not avoid the issue for me.  I have a Macbook5,1 that was running 10.6.7 and when updating to 10.6.8 I ran into this issue again.  I ran into this same issue when updating to 10.6.5, so I knew how to handle the issue, but this is getting frustrating for me.  You guys mention that beng at 10.1.2 [Build 9] should have avoided the issue for me, so it is obvios to me that you guys do not have a full grasp on the situation.  I have been ralatively happy with PGP WDE, but your software verification process is highly lacking.

MD0's picture

PGP_Ben, are you saying that it's safe to upgrade to 10.6.8? Has it been officially tested?

I am wary of any Symantec or PGP software these days and simply avoid updating until I get confirmation, usually with much delay.

sky07's picture

Toss in PGP boot disk image, press and hold 'c' during boot up to boot from PGP boot disk.  Then hit enter  to begin boot, followed by holding down the shift key for safe boot.

sky07's picture

Just curious.  Should PGP Desktop for Mac OS X have a more recent version? The posting by PGP_Ben (Technical support) suggests that 10.1 SP1 is available, yet when I run PGP->Check For Updates, it tosses up a dialog box with "No new version is available\n You are running the latest version of PGP Desktop for Mac OS X."

JB23zz's picture

I have the same problem-took me an hour to remember the 10.5 fiasco.  PGP has been OK, if you get by the 10.5 situation and that encrypted USB backups won't work; thankfully whole disc encryption (File Vault 2) WILL FINALLY BE BUILT INTO LION!!!!!

PGP_Ben's picture

Let me clarify for now:

- Support has tested the mac osx 10.6.8 update on a macbook pro with success booting the drive

- Support is using pgp desktop 10.1.2 build 22

- I don't have access to the right resources to confirm or deny just yet whether QA has tested the macosX update with PGP Desktop 10.1

We are techically on 10.1 SP3 which addresses some known issues with machines that are encrypted with 64-bit kernels on mac osx 10.6 The "check for updates" feature no longer functions with PGP Desktop 10.1 and newer. Now all updates are handled manually through the symantec licensing portal at:

https://licensing.symantec.com

or else through your PGP Universal Server

I will repeatedly state that you should NOT update your mac to 10.6.8 unless you are using PGP Desktop 10.1 10.1 SP1 or newer.

As far as workarounds go if you are on older than 10.1.1 SP1 and cannot boot I see you having two options:

- find the recovery cd used for the version of PGP Desktop that you have deployed and use that to boot the os and then decrypt from there before upgrading to 10.1 SP1 or newer.

- boot the mac in target disk mode and decrypt the disk there

I recommend 10.1.2 SP3 since that incorporates the latest fixes

* AS A LAST RESORT you can also boot off the mac osx cd and copy the pgpboot.efi over the boot.efi file

But I would really recommended upgrading PGP if you are 10.0 anyways. Because the second workaround may fix problem now but will break PGP again after the next update most assuredly.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

_bobby_'s picture

We are techically on 10.1 SP3 which addresses some known issues with machines that are encrypted with 64-bit kernels on mac osx 10.6

Mine says 10.1.2 (Build 9).  I'm not sure where that fits in with all of the SP releases?  How does PGP version numbering work?  Is it safe to upgrade with 10.1.2 (Build 9)?

 

The "check for updates" feature no longer functions with PGP Desktop 10.1 and newer. Now all updates are handled manually through the symantec licensiing portal at https://licensing.symantec.com or else through your PGP Universal Server

Why would you go from an easy "check for updates" process to a horribly non-intuitive manual process?  Using the licensing portal to obtain an update was without a doubt the worst update process I've ever had to deal with.

PGP_Ben's picture

Mine says 10.1.2 (Build 9).

10.1.2 Build 9 is the general release for 10.1.2 (Build9). The only way to obtain the update to that version now is through the Symantec licensing portal. this version should not be affected by the MacOSX update to 10.6.8. But it doesn't have the latest fixes for users running bootcamp with Windows 7 or 64-bit kernels that are running by default on newer "Sandy Bridge-i5/i7" macs.

Why would you go from an easy "check for updates" process to a horribly non-intuitive manual process?  Using the licensing portal to obtain an update was without a doubt the worst update process I've ever had to deal with.

I would like to highlight the fact that it wasn't ME or even SUPPORT that made that decision. But these types of decisions come from other groups like Product Management or Licensing. They are eventually going to be taking all the legacy PGP backend systems offline and they are moving everything over to the Symantec platform for updates. This means downloading updates through the licensing portal since it's globally approved for all different countries due to export restrictions and legal restrictions. Furthemore, Symantec's overall goal is to get the PGP products (just like every other Symantec product) incorporated into the Live Update feature. Which will enable you to not just update PGP software, but all Symantec software overall (including the PGP products).

I would agree with you that the licensing portal can be difficult to navigate your first time. Especially as a former PGP customer where it may be difficult to find your licenses. But management is aware of the problems that we are having there and they are trying to do everything we can to overcome that. You will see some changes in the near future here in regards to licensing with PGP anyways and it should hopefully ease the pain of licensing for Legacy PGP customers looking forward to the future.

 - Ben

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

jaysamuelsjls's picture

Can you point me to instructions on how to create the boot cd.  This is the same issue that happened sometime last year and I had to take it to the Apple store for help.  I only get the Apple Logo and then the zero with the slash.

plmuon's picture

I had the problem that I have only 1 mac, which was no longer bootable after the update to 10.6.8.

Since I had not burnt a PGP recovery CD before, the chicken and egg problem is that I need a mac to burn the iso.cdr image.

Suggestion: please make available a solution for windows or linux to be able to create an appropriate pgp rescue boot CD without needing access to a working mac.

In my case, I was lucky to have bootcamp installed. I could boot into windows and use pgp wde under windows to decrypt the whole disk. Then boot into mac to update pgp wde, and create a rescue cd for the next time.

mallardduck's picture

So is 10.1.1 [Build 10] safe?  That's the last version most of us were able to get before the licensing system broke.

pgpwde4mac's picture

I had to use the recovery CD after trying the Mac OS X 10.6.8 update.

My PGP version is 10.1.0 build 860.

After the first boot on the CD (without decrypting) I just restarted the laptop and now it seems that it's ok.

But once again with PGP, trouble head as soon as there is a Mac update...

stubbed toe's picture

I thought I was good to go with 10.1.0 Build 860. Nope. Broken.

Now I guess I'll have to go through old tech updates to figure this out. This is a bit of a headache, folks.

stubbed toe's picture

Ben,

Could you please post a link to the document (from earlier this year dealing with an OS upgrade) that walks through step-by-step how to repair a mac which has been frozen due this issue?

I understand that the problem might have been prevented by first upgrading PGP, but the program never prompted me to upgrade PGP and I didn't know this had become a manual process (so I assumed I was on the latest version).

I've booted from a second volume and tried to copy PGPboot.efi over Boot.efi, but get a "system locked" message that prevents me from copying this file.

I'd prefer not to decrypt my entire boot volume if possible, but suppose that might be necessary if other options are unavailable.

Thank you very much for your help!

Dougcain's picture

Ok fixed it using the copy pgpboot.efi to boot.efi method described here:

https://supportimg.pgp.com/guides/Tech_Note_PGP_WD...

Will update manually to latest pgp and then wait for lion....

How hard would it be to keep the autoupdate working which would help fix these issues.

Failing that a big notice on the pgp support site and perhaps an email saying manual update is required.

jaysamuelsjls's picture

This link does not work for me.  Is the pdf located somewhere else?

cyprien's picture

How do you “update manually”? The link is not working for me either btw…

PGP_Ben's picture

You guys do realize that if you don't fix the root problem by updating your PGP Desktop code you will run into the same problem the next time that Mac OSx pushes out their next update right?

The workaround of copying over the pgpboot.efi and replacing the boot.efi is an easy fix. But it was designed to be, as a last resort, a fix to get you around the issue that one time. It's not a permanent fix.

A permant fix would would be to decypt the drive, upgrade the version of PGP Desktop that is installed on there to PGP Desktop 10.1.2 Build 50 and then re-encrypt.

If you are unable to upgrade. You should contact customer care at (800) 721-3934 and they can assist you with accessing the Symantec licensing portal to obtain your downloads.

NEW KB ARTICLE ADDED:

http://www.symantec.com/docs/TECH163224

 

AS A LAST RESORT BECAUSE THIS WILL TAKE A LOT MORE TIME:

You can also boot the affected mac using target disk mode to another mac. Read this link to find out how to use target disk mode:

http://support.apple.com/kb/HT1661

Using target disk mode, you can mount the affected machine as another volume.  Then just decrypt using the PGP Desktop gui on the machine that is controlling the affected machine.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

SOLUTION
mallardduck's picture

The last version most of us were able to get was 10.1.1 [Build 10], but you keep talking about SP's.  We have no way to know what version SP1 or SP2 is - they don't show up on the 'about screen'. 

 

Symantec broke the update mechanism without bothering to tell users (let alone remove it from the code in the January update, which was the last one we could get before Symantec broke the manual update mechanism too).  If the 'check for updates' function reports 'you're on the current version', who's fault is that?

jc1350's picture

Mallardduck states the problems:

 

1.  The versions mentioned in this thread do not match the versions reported in "About PGP Desktop" (there is no reference to SP-anything, just version and build numbers like 10.1.2 [Build 9] in my case.

 

2.  While some of us used to be able to log into the symantec license portal, we cannot do so as of the last 2  months using the log-in IDs and passwords.  Tom M. posted a link in another thread to enter our serial numbers to gain access, but we don't have those numbers listed in "about PGP Desktop" or "License" under the main menu.  Those who do have their license numbers report that they are rejected by the web site as being "invalid."

 

3.  Symantec broke the "check for updates" feature without any notice and it now always returns "you have the current version."

 

4.  We are constantly told to "upgrade," but all the upgrade paths are blocked.

 

I'm repeating the same thing that Mallardduck (and others) posted because we are frustrated, this isn't exactly cheap software, and Symantec seems to be deaf and blind to our repeatedly posted problems concerning getting information and getting into the portal to get the updates we're told to get.

John

dmoore's picture

I've tried using the boot disk for v10.1.0... but following the instructions, nothing happens.  If I hold Option while booting, the only boot option I have is from the FUBARd hard drive.  If I try using a bootable external disk (a carbon copy cloner disk from another MBP), it just never boots...

I really hope that I'm not forced to format the disk and re-install OSX... That would not make for a good weekend, or improve my perception of Symantec.

PGP_Ben's picture

It sounds to me like you might want to try burning the ISO again. If it doesn't show up as an bootable option.  Futhermore, I've seen one article somewhere posting the recovery CD for Windows on a PC. I would go to this kb article here, to be sure that you are downloading the correct recovery CD for the mac/boot issue.

Article URL http://www.symantec.com/docs/TECH152610

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

pgpwde4mac's picture

After needing the recovery CD for the first install I tried using the Apple package directly and using this way doesn't break the boot.

Just download the packages at

http://support.apple.com/kb/DL1400

install it and reboot. That's it !

pipodeclown1970's picture

I downloaded the stand-alone package as user 'pgpwde4mac' suggested and the installation was without trouble.

Thanks for testing this out.

 

PGP Desktop WDE version 10.1.0 [Build 860] (PGP SDK 4.0.1)

JB23zz's picture

In spite of my irritated (and possibly irritating) comments yesterday, I do like WDE/Mac.  I have had the same problems updating to a later version than 10.1 Build 860 as others above.  I can deal with that later.  For now:

I am presently attempting to decrypt an early 2009 3.06 iMac, using the proper 10.1 recovery disc.  The screen indicated full (?) 99% encryption when I started some 3 hours ago. So,

(1)  Does the "DOS" screen,  for lack of a better word, ever indicate a continuing lowering of the remaining encryption %?  If not, how can you tell if decrypting is taking place and that the computer is not locked-up, even if the screen says decrypting is talking place?  (It seems that the small rectangle on the right lower screen very slightly "blips" one in a while.)

(2)  If it's NOT decrypting, what are my options, if any?  Restart? Go to T mode, etc?  More to the point, do I permanently hose the drive if I did stop what ever it is presently doing?

(3  And, finally, generally, what is the definition of a "long time" to decrypt the standard 1 T drive? This goes to (1).  If the screen will eventually show a decreased %, fine.  If it doesn't, and there are no visual cues as to what is happening, how long should I give it before I try something else in spite of the risks?  At some point, that'd be all that's left-just chance it.

JB23zz's picture

Update:

The screen just dropped a % point.  That means approximately 14 days to go(!!)

So, I've answered my questions except for the part of (2) about other options.  Thanks for any help

PGP_Ben's picture

I woukd not recommend powering off the machine or aborting the decrypt process by any means. Doing so could corrupt the data on your disk for good. Unfortunately my best advice to you at this point is to leave the drive decrypting it could be as long as one hour or more before you even see the status update.

With a 1TB drive it will take roughly 3-5 days to decrypt the entire drive.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

gmorado789's picture

You can download update 10.6.8 from the apple site manually and that will work. http://support.apple.com/kb/DL1400    Just tested it on two macbook pros. 

PGP_Ben's picture

Great tip. But this doesn't work for those that already are unable to boot. But good to know for those looking to update. Thanks!

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

With what version of PGP?

 

Until we know that, there's no point in trying any upgrade.  We need the numbers we can validate with what's on our 'about' screens.

 

To PGP (not the poster): Why is it so FRIGGING hard to give us that information?

cyprien's picture

 

No problem with PGW WDE 10.1.2 [build 9] (downloaded from the licensing server) and the packaged update downloaded from here: http://support.apple.com/kb/DL1400

(this is not the combo update as it states 10.6.7 in the requirements)

 

snarkhunter's picture

Manual installation of http://support.apple.com/kb/DL1400 worked for me on a MacBook Pro with PGP 10.1.0 build 860. 

Thanks for the advice.

PGP_Ben's picture

Support is working on a document to post ASAP with version numbers and corresponding build numbers as well as known issues affecting that version.

For now, all you need to know is that you should be on of the following two releases:

10.1.2 Build 9 - available via the Symantec licensing portal (it has been having it's share of issues today, but keep trying the site. You will get in eventually. I have tested it from two machines outside our network succesfully now)

10.1.2 Build 50 - available from support upon request

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

Thanks Ben, I managed to get into the licensing portal and get PGP Desktop 10.1.2 (Build 9), so I should be OK until 10.7 comes out.

MikeUK74's picture

Licensing portal seems to work again. I've managed to get 10.1.2 from the "Get Software" link now.

pipodeclown1970's picture

Dear Support,

 

I recommend that you provide feedback within the company on the status of PGP WDE for Mac: at version 10.6.5 the update went wrong and now again. This is not an acceptable situation. 

 

Symantec will lose customers if they do not sort this mess out. In particular with respect to the upcoming version Lion with its integrated WDE. A lot of reasons to choose for the very expensive PGP WDE will vanish.

 

Respect your clients and provide proper feedback!

 

Regards,

 

A disappointed customer.

PGP_Ben's picture

I am sorry, I will have to admit that a lot of things haven't gone right lately for our customers. They could have done some things to make the update function of PGP products work better. But the reality is, we are left with what we have to work with right now. The product in it's current state.

With that being said, Symantec/PGP addressed this issue back in Dec 2010-January 2011 timeframe. At which point, we provided customers with the updated product to help with this issue. If a support case was not issued at that point, and a workaround was given/done. We cannot warranty that. What are warrantying is that our product (in it's current state) will work with your Mac updates.

Do you need help obtaining the software updates? Is that the problem? Or are you just looking to provide feedback on a version that we already know (and have known) doesn't work for your Mac OS X updates?

Thank you,

Ben

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

Hi Ben,

 

If that's the case, why does this:  http://www.symantec.com/business/support/index?pag...

 

require a version that's *newer* than the one that fixed the 10.6.5/6 issue back in January?

dmoore's picture

@PGP_Ben:

I was wondering if you coujld help address my issues posed in this comment: https://www-secure.symantec.com/connect/forums/1068-update-breaks-pgp#comment-5733851

I have valuable data that I definitely need recovered from my MBP...

Thanks in advance.

mzb's picture

A question to @PGP_Ben:

How do I check the version of the PGP on a machine that does not boot?

I need this information to select EFI recovery disk (as described in TECH152610)

Many thanks in advance.

R0ut3r's picture

Hi,

I have the problem... encrypted AFTER the OSX patch. Both my OSX and Win7 partitions are fried.

I have tried booting with the PGP recovery CD, the actual screen is messed up at the "press any key to continue prompt" and then it ungracefully kicks me out.

The OSX version of the recovery disk does not seem to work at all and just sends me directly to the OSX PGP bootloader (to enter passphrase) then starts loading OSX from the HDD (which gives me a prohibit sign after a bit).

I tried booting in single-user mode. It freezes after a while, I can't get to a prompt.

I don't have access to the original OSX DVD for my Macbook Pro 2011 so I am completely screwed.

I too paid 125$ + 200$ for a new PGP licence for support, even though I have a 25 user PGP Pro licence...

This is pure insanity, I'm really desperate for help now.

Can someone recommend a PGP recovery disk that works with Macbook PRO 2011?

 

Thanks

 

barni's picture

I've successfully updated to OS X 10.6.8:

Before updating OS X, however, I created and tested a clone of my HD using Carbon Copy Cloner (see http://www.bombich.com/index.html). Given all the failure reports and my personal experience with a failed OS X 10.6.5 update, I didn't want to risk anything. 

I wished, however, Symantec would communicate in a more proactive and systematic fashion. Is it so hard to have a web page with clear instructions, checklists, etc. BEFORE an OS X update is publicly released by Apple? Given the systematic problems with OS X updates, wouldn't it even make sense to have a menu item in PGP Desktop which links directly to such a page? 

ESP Dave's picture

Hi Guys,

This will be my one and only time I go on this forum as I am decrypting my disks and switching to an encryption application that does not take a few hundred quid from me only to keep breaking my bloody macs each time Apple makes tiny upgrades to OSX.  My confidence in PGP has evaporated and I now have a niggling feeling that if I really needed to do a recovery one day then this PGP/OSX mis-marriage may well cause me a major headache - goodbye Symantec.

I kept PGP upgraded until my licence expired a couple of months ago but was surprised that 10.6.8 upgrade broke my mac again (I naively thought that this was sorted out last year).

I know that there are workarounds with manual updates or keeping your support contract up-to-date but this situation should not have occurred and the fact that it has again even though I updated PGP since the first cock-up suggests to me that Symantec have not got a full handle on the situation.

Anyway, luckily the advice from PGP to re-boot with a PGP recovery disc and the spending many hours decrypting is not necessary - thanks to Apple users' advice you can get out of jail using the following method (it just worked like a dream for me on my iMac, I hope it works for you):

 

1) Boot into your OSX install CD

2) don't install but go to utilities and select terminal

3) in terminal type diskutil list

4) note the location of your boot partition (labeled Boot OS X"

5) type diskutil mount <bootpartition> (ie diskutil mount disk0s3)

6) type cd "/volumes/boot osx/system/library/coreservices"

7) type cp pgpboot.efi boot.efi

8) exit terminal and reboot and you should get back to your PGP login screen. If not you may need to recover the disk.

 

The apple thread is here:

 

https://discussions.apple.com/message/15494787

 

Good luck and goodnight PGP,

 

Dave

PGP_Ben's picture

People have been doing this on their mac's for some time now. Ever since the problem first starting occuring last year. That is actually part of the problem. It's a quick-fix, a workaround, a hack if you will. It doesn't SOLVE the problem. It just camaflauges the symptoms.

In order to fix the problem, for good, you have to update you version of PGP software.

This is because in newer versions of the code, we put protections in place that don't allow the apple software updater to overwrite PGP's system boot files. We found this was a problem late last year, and corrected the problem then.

Those people that are running PGP Desktop 10.1.2 (any build in this series) shouldn't have been affected at all by this Mac OS X update. But those that overwrote the boot.efi file. Will surely have the same problem the next time that Apple pushes out an efi file update. Which could very well be in a couple months again. Those that are still running PGP Desktop 10.0 and even those that are running some builds of 10.1 will be affected as well.

Furthermore, we have a partnership with Mac, but how are we to post about issues with an update before the update even comes out? To the best of my knowledge, they don't supply us with updates pre-release to public. Contrary to what most would believe.  We get them the same time that everybody else does, it's usually in rapid response to a critical problem. Software vendors (and not just PGP in this case) are left to figure out how to get their software to stay working and not break when Apple (or even Microsoft for that matter) releases updates to their kernel and EFI updates or on the PC side hardware manufacturers release BIOS updates.

A quick google search for "mac os x update disk encryption problem -pgp" would show that PGP isn't the only software manufacturer that has to deal with this problem on a regular basis.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

Granted, I don't have a whole lot of sympathy for folks who are having this issue for the nth time (we should all know better).

However, PGP bears some real responsibility here.  PGP didn't just disable the automatic update mechanism, they set it to give a false sense of security by responding that 'you're on the current version' (the worst of all possible options).  The function should have either been completely removed from the last version provided via the mechanism, or should respond 'you may be on an out of date version, please check the pgp website.' or at least some error message that would trigger them to look for another alternative.  Only users who are savvy enough to dig up the forums, wade through the complex, confusing, often offline, partially functional Symantec licensing solution (since they can no longer call in for support because of the new policies) are aware that there are any issues.

I also have to note though, that even large corporate implementations are being bit by this because of delays in supplying updates before the automatic OSX update feature kicks in and users accidently click through.  Given the on-going history of issues, as I said years ago, PGP needs to do the following:

1) Recommend that PGP users disable automatic updates for OSX.

2) Provide a consistent, reliable location to disseminate compatibility information.  The KB is NOT adquate (it's hunt for the right keyword).  It needs to be a single URL that doesn't change.   For known incompatibilities, it needs to be a proactive email notification to each and every customer. 

3) Provide a guarenteed SLA as to how long after the release of an OSX update it will be before PGP provides information on compatbility (just info - not a fix) through #2 above.  It was supposed to be the blog, but the recent posting about the 10.6.8 issue was removed.  That's downright negligant.

Having said all this before, I have absolutely no expectation that it will change.  So here's a different recommendation instead:

Kill the product.  Discontinue PGP for the Mac.  End support with the current version.  Don't even try to release something for Lion.

PGP_Ben's picture

 

Mallardduck,

The blog is right here

Second result when you search google for 10.6.8 update PGP

Ben

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

It appeared here: https://www-secure.symantec.com/connect/symantec-b...

which was the link we were given the last time this happened, for a day or so then disappeared.  That's what I mean about a specific URL that never changes (especially when it was what PGP gave us!)

ESP Dave's picture

Hi Ben,

I do appreciate that you are in a tight spot with all this, and I can sympathise a little.  However, you have to appreciate that unlike (for instance) the latest update causing Photoshop to not work temporarily is way way down the scale of upset compared to me having a fully encrypted hard-drive that no one is fully confident in how they are going to recover it.

This may well be affecting more than just PGP but I tell you this - no other of the many applications that I have used over the years has needed so much attention to ensure you have the right licence and the right disk available at all times else you could have an expensive IT bill on your hands, or worse.

I did make upgrades on my Macs for PGP since the first problem last year but I still got caught out - probably my omission but I simply cannot keep up with the many changes to versions and LEMS procedures.

I know it is defeatist of me but I would rather switch to manageable partial encryption using Filevault and then WDE using Filevault2 soon where I am much more confident of Apple's full support.  Sorry for you guys, but I hope that you understand that I cannot leave this to chance.

On the bright side - you did manage to get over £300 GBP from me for just over one year's encryption service - well done.

Dave

wlynch's picture

Dave,

I REALLY want to thank you!  I am a total non-techie and after 2 1/2 hrs going back and forth between Apple and Symantec, stumbled across your comment and decided to give it a try.

What the hell right?  Worse thing that happens I have to re-install everything.  Wouldn't you know, it worked.

I'm able to reboot fine and I haven't lost a thing...except time a few hours of stress!

 

Thanks,

Will

ESP Dave's picture

Will,

I am glad you managed to get past that sinking feeling from getting the ominous grey screen. Of course, as Ben said, this is only a hack and you will need to do either of the following before updating OSX next time:

1. update PGP WDE for Mac to a suitable build (seems like 10.1.2 is solid)

or

2. download the update from Apple and instal it manually (a simple procedure)

I am taking a third option and moving over to Filevault2 when Lion is released in the next week or so - it does not have the same strength of encryption as PGP which is an issue for some of my clients but in my mind, I would rather chance 128 bit vs. 256 bit encryption before chancing that when I really need it most then my PGP Time Machine backup does not do the job.

I would upgrade to 10.1.2 if I were going to stick with PGP but my licence has expired and I do not want to shell out even more money for a support licence when I can get Lion for £20.

Right! That really really is my last post!

Bon chance,

Dave

PGP_Ben's picture

Mallardduck, I'm looking at the reason why this blog isn't showing up under Encryption anymore. It should be.

BTW, in response to peoples comments about keeping up on product updates/issue. You can always subscribe to the RSS feed for the Encryption blog here.

https://www-secure.symantec.com/connect/item-feeds/blog/18781/feed/all/all

Another option is to open one of those blog entries on the encryption blog section. Scroll down to the very bottom where you would normally leave comments and setup a subscription there, check the box that says "encryption blog" and then you will get notified when changes are made in the blog.

 

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

Thanks Ben - sounds like a technical glitch.

 

The Lion GM is out today, so this may be my last post to the community.  Best of luck to you and the other folks trying to deal with all of us irate customers - I hope your management and development teams get their act together and make life easier on you.

CharmedQuark's picture

I have just resurrected my MacBook Pro after today's(07/02/2011) Apple Update(10.6.5) with the cogent advice of now SIR ESP Dave's step by step solution to the bottomless stupidity of Symantec, who seem determined to destroy the PGP customer base.  Follow the advice of Sir Dave, but a cautionary note....on line (5) be sure to use a zero-slash instead of 0 or a capital O in the <bootpartition>.  This neat little sequence saved my data, and probably my sanity.  

Mike_John's picture

I just installed Lion on my MacBook Pro. Then I installed PGP PGP Desktop10.1.2 with out a hitch. However, when I went to run the program it says, that this version of PGP is not compatible with Lion.

As much as I would love to use the internal Lion encryption, it seems that while convenient and seemless, it is deficient in its scope. This is typical for Apple, -form over substance. In a world of 256 bit encryption, (even with cascading cyphers as TrueCrypt) Apple resorts to 128 bit encryption. Unbelievable!

The last time Apple updated to Snow Leopard, it took almost a year for PGP to send out an update. How long will we have to wait now?

mallardduck's picture

Uninstall PGP immediately and do not attempt encryption.  PGP has a long history of bricking machines on unsupported OS versions.

 

There is a lot of discussion that AES-128 may as, or more, robust than AES-256 due to some particular vulnerabilities in the latter.  More bits is not always better.

Mike_John's picture

I installed it on a bootable external drive for testing purposes. Lion encryption is NOT serious encryption from my viewpoint. Here's why.

When you first install Lion ( Like any OS) it asks you to set up a password. This password -if you are going to be using WDE - should be short and not a passphrase for convenience sake. But here lies the rub with Lion: it does not allow you to set a seperate passphrase for your whole disc encryption of your drive. So you either have to have a very short password that is inherently insecure or you are going to have to type your long passphrase everytime you need to change a setting or give your Mac permission to do something. You are also not given any discretion as to what type of encryption to use.

As I stated above, the Mac is about convenience, form, and as little tailioring as possible. I am NOT a fan of PGP. I wish we had more choices for WDE on the Mac. Maybe TrueCrypt will come to the rescue. Also, after being aquired by Symantec, people should feel a bit uneasy about a possible government backdoor. However, using the internal encryption in Lion does not enhance my cool.

mallardduck's picture

So you never leave your machine unattended while running? Hotel room?  Office?

 

I've been using similar length passphrases for both OSX and PGP for years.  It's nice to now just have one to remember.

jay4959's picture

While doing research on lions wde I was also concerned with the admin pass problem you mentioned.

I dont have a lion ready macbook yet to test so would:

Admin1 with secure passphrase used to boot

Admin2 with easy password used to manage osx

user1 with easy password for day to day work

or would I not be able to keep admin2 from booting?

PGP_Ben's picture

I can assure you that there are no "government backdoors" in our code. I would also agree with you on the Mac OSx lion encryption built in. It may be useful for small home environments and mac's used by one individual for some level of protection. But it's not enterprise grade security and it doesn't afford you additional features that PGP WDE does such as the Whole Disk Recovery Token, and using an Administrator passphrase.

I don't see anything indicating that the Lion full disk encryption will be FIPS certified. it also cannot be managed.

That is why I only see that their software may be useful in home/small business sized environments.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

mallardduck's picture

Actually it can be managed, simply by capturing the recovery token generated during the encryption phase.  99% of people don't need FIPS certification.  Now that there's a viable alternative for most of the market, PGP's share will shrink, revenue will drop, resources will be reassigned, and support will get worse - not better - than it's been in the past.

But in general, you're correct it's not a managed solution.  However, neither is PGP (unless you count reimaging countless bricked machines, delaying critical OS updates, waiting for communication from a vendor, being unable to obtain patches in a timely manner as being managed).

Be careful about throwing rocks in glass houses.  The walls may be different, but they're still glass.

Mike_John's picture

I agree with you totally. The encryption built into Lion is not a serious alternative to PGP.

But could you give us some clue as to approximately when there will be an update for Lion?

The only thing holding me back from installing it on my main machine is lack of PGP support.

PGP_Ben's picture

for those that were wondering, we were able to fix the blog entry so that it shows back up under the Encryption blog.

https://www-secure.symantec.com/connect/symantec-blogs/encryption-blog

 

All new updates from Symantec regarding PGP encryption products will show up on that blog. So you may want to look at going into your profile and changing your notification preferences to have Symantec email/notify you of any additions/changes to this blog.

You can do so by clicking on the "Account" button at the top of Symantec Connect. Then click on "My Profile".  Click on the Notifications tab. Then click on the Tags tab.  This will enable you to subscribe to the "Encryption" blog as well as any other blogs.

This is an easy way to stay in touch with Symantec when we post new updates on PGP products.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Roesch's picture

This blog entry states, that using PGP 10.1.1. Build 18 and newer there will be no issues when updating to 10.6.8.

I tried the Apple combo update for 10.6.8 on my machine running the latest official 10.1.2 (Block 9), assuming that would be sufficient for a flawless update, but I was wrong. The Mac started over and over again after typing the passphrase into the login screen. 

I had to boot from the clone in target disk mode and decrypt the 1 TB drive. 

Now, before I start encrypting, could someone answer the following questions:

1) Any suggestions why I ran into this problem, although I used 10.1.2?

2) How to avoid the same problem on the 5 other machines I'm responsible for? (It is impossible to take them out of business for a complete decrypting and encrypting)

PGP_Ben's picture

There were two seperate bugs related to Mac OS X update issues with WDE. The bug with the combo updater issue was addressed in 10.1.1 Build 18. I don't see anything in our release notes for 10.1.2 build 9 however about this issue as resolved. So the fix might not have made it into the general release in time.

At any rate, support is really recommending that customers update to SP3 given the list of "known issues" that were resolved with SP3 anyways. For your reference that version is PGP Desktop 10.1.2 Build 50.

For future reference, you can easily obtain the Recovery Images here and burn it to a CD. Then use that to boot up that mac and update it vs having to decrypt the drive. Which can take a lot more time.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Stork476's picture

...which is available only through symantec support; version 10.1.2 (build 50) should solve the booting issues.

Please look in other threads in the PGP-WDE Mac forum how to get it

desertrat's picture

I accidentally installed the OS X update 10.6.8 over my PGP version 10.1.1 Build 10.  I am able to boot into my system using the PGP recovery disc.  I also have downloaded PGP Desktop 10.1.2.  Now, how do I install PGP Desktop 10.1.2?  Do I just install it normally, on top of 10.1.1?  Or do I have to o something else to install?  After I install the new version, I am all good to go? 

 

And just to confirm the way to fix this, if I understand correctly.  I should have updated PGP to version 10.1.2 first, then I wouldn't have had a problem with the 10.6.8 update?

PGP_Ben's picture

Those assumptions are correct. Yes you are fine to install it over the top of 10.1.1. I would request 10.1.2 SP3 just to be safe. Check your inbox and I sent you a PM.

Yes if you had PGP Desktop 10.1.2 or newer, that should take care of the problem with updating.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Filevault's picture

Put 10.1.2 SP3 on licensing portal if it's so damn needed to unbrick our HD!

Now Apple has just released Mac OS X 10.6.8 Supplemental Update... wondering if PGP will brick again my HD... can't wait to upgrade to Lion and dump PGP once and for all.

desertrat's picture

@PGP_Ben  Thanks.  I replied to your PM earlier today, you didn't get it?  Gave you the info you asked for there.  Anyway, thanks for clarifying that for me.  I'm not sure if I got SP3, I don't recall it saying anything about that when I got the download.  How do I check that?  The download I got just said PGPDesktop10.1.2_MacOSX.tar.gz

jay4959's picture

On the download screen only 10.1.1 and earlier appeared. Then I filtered for 10.1.2 presto it appeared.

10.1.2 was posted 4/7/11 and date stamped 3/21/11 is this the most recent?

or need I find a date filter or a sp filter or maybe a build filter?

Sarah Mays's picture

10.1.2 that is on fileconnect will work for 10.6.8 update issue, however there is an even newer version of PGP desktop available on pdc.pgp.com. version 10.1.2 SP3 (10.1.2 build 50) this version resolves the 2011 macbook pro SSD issue, if you need this update support has to create a pdc account for you and add access to that download.

 

neonjohn's picture

Ben,

I have quite a dilemma. I updated the OSX system on a corporate client's Mac Mini (used for audio production), and now the PGP, as mentioned above, won't us start at all, even in safe mode.

My client unfortunately does NOT have a backup boot CD and the OSX disk that came with the computer only wants to resinstall OSX.

Is there ANY way, perhaps starting it in Firewire target mode, that we can get in there and update PGP? 

Wiping it could be a problem too, since they will lose their Pro Tools authorization (and don't have that doc'd either!).

And of course, I am the vendor who broke their computer! Please advise.

calvin940's picture

You can wait for some official advice, but my recommendaton is install MAC OS-X on a USB drive, install the same version of PGP and OS-X that he had working on his Mac Mini prior to the update.  

Then boot that USB drive and get into the commandline pgpwde tool and authenticate the Mac Mini boot disc and then decrypt it.

There are a number of docs available on google (I have had to do thise before a couple of times) on how to do this and recover your drive contents.

Hope that helps

PGP_Ben's picture

You can download the recovery images for Mac here and burn one to cd using another the Disk Utility on another mac. Then boot the mac mini off that cd. Be sure to download the same version of recovery image, as the version that the drive was encrypted with.

http://www.symantec.com/business/support/index?page=content&id=TECH152610&actp=search&viewlocale=en_US&searchid=1314029138576

You can use target disk mode to mount the mac mini as an external drive to another mac. You need to be sure that the other mac that you are using to target the mac mini with has the same version PGP Desktop installed

or you can do as calvin940 has suggested also

I would decrypt the disk, install PGP Desktop 10.2. Then rencrypt the drive.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Kellogg's picture

I had exactly the issue above. Ran updater and got prohibitive sign on my Mac Book Air

The problem is that the MBA now doesn't show anything but the HD when option key held even with external HD attached with disk image of snow leopard on it...and I've done a few times.
I can run target disk as there is no fire wire drive.
Can't run CD since there's no bay (and not convinced it would work if I bought an external DVD drive)

Any suggestions?

PGP_Ben's picture

I have heard from many customers that using a superdrive will allow you to boot off a CD on the macbook air.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Winfax's picture

How Can I boot from a CD when updated to Mac OS 10.7.1?

Winfax's picture

How Can I boot from a CD when updated to Mac OS 10.7.1?

PGP_Ben's picture

It should be the same process, no matter what version of Mac OS you use. But I should state that Mac OS 10.7.1 is not supported by PGP currently.

I would try it with a 10.2 recovery cd found here:

http://www.symantec.com/docs/TECH15261

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.