Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

To Instrument or Not Instrument a Second Drive in Linux

Created: 11 Feb 2014 • Updated: 12 Feb 2014 | 3 comments
This issue has been solved. See solution.

This question is related to Symantec Drive Encryption for Linux 10.3.

I've sucessfully encrypted disk 0 containing the /boot partition. Now I need to encrypt a second disk (disk 1) located in the same machine. Does disk 1 (not the boot drive) need to be instrumented prior to encrypting it?

I understand the instrument command overwrites the MBR with PGPMBR but am not sure if it is only meant for the boot drive and not on secondary drive.

Thanks.

Operating Systems:

Comments 3 CommentsJump to latest comment

dcats's picture

Hi symuser2013,

I didn't have the chance to test this in Linux, but it should be enough to use the 'secure' command, it will do all necessary steps.
"The --secure command instruments the drive, creates an authorized user, and encrypts the drive, all using a single command."

Symantec Drive Encryption 10.3.0 for Linux Release Notes - DOC6204

Among other information you can find:
--- snip ---
Note:
The PGP BootGuard log-in screen accepts the authentication information from any user configured for an encrypted disk or partition. For example, if you have two users configured for a boot disk or partition and two different users configured for a secondary fixed disk or partition on the same system, any of the four configured users can use their passphrase to authenticate on the PGP BootGuard log-in screen at startup, even the two users configured on the secondary disk or partition.
--- snip ---

Rgs,
dcats

symuser2013's picture

Thanks. After a little digging, I found the undocumented command to add a second drive to a drive group, encrypt and automount it upon reboot:

pgpwde --add-group-disk --base-disk <disk # of boot drive> --disk <disk # of second drive> --auto --passphrase 'yourpassword' --username "user name" --all --safe-mode

SOLUTION
dcats's picture

Thank you for posting your solution!

Rgs,
dcats