Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Keyboard do not respond in Bootguard if I use PGP Keys on an eToken

Created: 16 Oct 2012 • Updated: 16 Oct 2012 | 8 comments

Hi,

Issue: Keyboard do not respond in Bootguard if I use PGP Keys on an eToken with PGP-WDE 10.x till 10.2.1 MP3

Environment:  
- OLD ASUS M4A77TD PRO, AMD Phenom II X4 965, Win7/XP
- New ASUS Sabertooth 990FX R2.0, AMD Phenom II X4 965 Win7/XP
 

My investigation to this subject:

1) If I use none smartcard keys in PGP-WDE, Bootguard works fine at all - So I expect the Bootguard can handle my Keyboard, my USB chipset on the motherboard and the SATA harddisks

2) If I add a smartcard based key to an already encrypted drive which works fine with Bootguard, the system hangs after the next reboot on the Bootguard screen. Hangs means, the keyboard is not responding to enter a PIN/password. It hangs independend if the eToken is inserted or not.

3) If I put this harddisk to an older Intel based DELL PC and boot from this disk all works fine - including Smartcard support in Bootguard. So I expect Bootguard or the Harddisk is not corrupted

4) I have tested with different keyboards, with only one USB device (keyboard) connected and with several settings in the BIOS. Of course I have tested all available ports.- nothing helps
 
5) I have excluded USB Host controller with --add-pci-exclusion to prevent conflicts with probing USB Host controllers - this also not help

6) I have replaced the motherboard to make sure that not a faulty board or a problematic chipset is the root cause - this also not help

What I see is that PGP-WDE has problems with their eToken drivers and AMD mainboards/chipsets? Is this true? I do not found a hint to this at any Symantec/PGP support page.

What motherboards are supported?
 

Frank

Comments 8 CommentsJump to latest comment

Tom Mc's picture

This Knowledge Base Article may be helpful.  As well as this KBA,

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

fn-wde-0815's picture

Thanks, but the eTokens Pro 64k that I use work well with PGP-WDE on other (Intel) systems (see point 3). And if I understand PGP-WDE Bootguard right it do not use eToken Windows drivers. Windows drivers are active after the OS (XP/Win7) is up. Looks the BootGuard eToken Driver (Linux?) will be first activated when a smartcard key is used for the WDE.

And if there would be a problem with an unsupported eToken Booguard would allow keyboard interactions in case no token was inserted.

fn-wde-0815's picture

https://www-secure.symantec.com/connect/de/forums/...

As I see I'm not the only one with this issue. Looks the CPU is the root cause of the issue and Symantec is not willing to work on this bug.

Is there anyone here with a working AM3, AM3+ motherboard which works with smartcard based preboot authentication in PGP Bootguard?

zeus29's picture

This issue was never solved for me either.   I dealt with Symantec itself for hours and they weren't able to get it to work. I think it sometype of issue because of AMD, hope someday it gets fixed.  Thanks for letting me know that you were having the same problem Frank :(.

PGP_Ben's picture

I am sorry about the very late response to this thread. Is this an issue that yo uare still facing today with PGP Desktop? There is no compatbility issues with the AM3 chipset, to my knowledge, so I would like to try and rule that out (if possible) first and see if you have any other USB devices attached to the sytsem which could be conflicting?

The most common issue that we have seen related to this is in having an Logitech USB webcam attached ot the system at startup.

I have an test machine with an AM3 chipset. I will see if I can get some testing done on it.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

PGP_Ben's picture

I stand corrected :)

I tested out an RSA SecureID800 Token on my AM3 Motherboard with AMD Athlon X2 440 Quad Core CPU and after adding the USB token users key to WDE and rebooting it hangs up at the bootguard screen now. The only thing you can do is hard shut it down since it won't respond to any keyboard requests or anything.

I will be filing a bug on this issue tomorrow since I'm able to reproduce it.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

zeus29's picture

Ben,

Thank you for looking into this sir, it is good you have the same issue. Isn't that a typical American?   If I am suffering it is okay as long as my neighbor is as well, nice huh?  lol

Happy Holidays and I look forward to seeing a resolution.

PGP_Ben's picture

The bug has been filed. I did find that a ps2 keyboard works fine as a workaround. But the problem is, more and more motherboards/computer manufacturers are no longer included ps2 keyboard inputs today. But maybe that will help someone in the meantime.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.