
PGP whole disk encryption does not properly encrypt internal Mac disk drive

Created: 20 Feb 2011 | 7 comments

Whole disk encryption bricked the mac laptop. Details below.

 

mac os x 10.6.6

pgp desktop 10.0.3 (Build 1)

Sequence of GUI steps:
PGP Desktop / PGP Disk / Encrypt Whole Disk / Encrypt a Disk...
select ST9500420ASG /dev/disk0
Encrypt

Resulting Dialog box:
"An error occurred while encrypting your disk:"
"file not found"

It would have been nice for the pgp application to list the missing file. (If it is listed in the separate PGP log viewer GUI, I forgot to look there.) I assumed that the pgp application had some error handling, and (1) retried, getting the same result. I also (2) rebooted, at which point the device was bricked.

 

Before the reboot, I collected some information:

pgpwde --status --disk 0
Disk 0 is not instrumented by bootguard.
Request sent to Disk status was successful

mount | grep disk0
/dev/disk0s2 on / (hfs, NFS exported, local, journaled)

pgpwde --enum
Total number of installed fixed/removable storage
device (excluding floppy and CDROM): 2
Disk 0 has 3 online volumes:
  volume disk0s1 disk0s1 is on partition 1 with offset 40 (excluded)
  volume disk0s2 Macintosh HD is on partition 2 with offset 409640
  volume disk0s3 Boot OSX is on partition 3 with offset 976510984 (excluded)

I half-noticed that disk 0 had 3 lines, unlike a week or two before:

pgpwde --enum
Total number of installed fixed/removable storage
device (excluding floppy and CDROM): 1
Disk 0 has 2 online volumes:
  volume disk0s1 disk0s1 is on partition 1 with offset 40 (excluded)
  volume disk0s2 Macintosh HD is on partition 2 with offset 409640
Request sent to Enumerate disks was successful

 

If I boot from the mac cd, run disk utility / first aid / repair disk, then the apple software says "updating boot support partitions for the volume as required"

If I then restart, I still get an all-grey blank screen

 

If I then boot from the mac cd, run install mac osx, then the apple software says that it cannot start up from Macintosh HD, and so will not continue (even after another run of first aid first, which is happy).

Currently, I am installing the mac osx to an external usb drive in an attempt to get the laptop going again.
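The post above notes that `pgpwde --enum` listed a third volume on disk 0 that had not been there a week or two earlier. As an added example (not part of the original post and not PGP tooling), this Python script parses two saved listings and reports layout differences that are worth reviewing before starting whole disk encryption; the function names are hypothetical and the sample text is copied from the two listings quoted above.

```python
import re

# Sample input: the two `pgpwde --enum` listings quoted in the post above.
BASELINE = """\
Total number of installed fixed/removable storage
device (excluding floppy and CDROM): 1
Disk 0 has 2 online volumes:
  volume disk0s1 disk0s1 is on partition 1 with offset 40 (excluded)
  volume disk0s2 Macintosh HD is on partition 2 with offset 409640
Request sent to Enumerate disks was successful
"""
CURRENT = """\
Total number of installed fixed/removable storage
device (excluding floppy and CDROM): 2
Disk 0 has 3 online volumes:
  volume disk0s1 disk0s1 is on partition 1 with offset 40 (excluded)
  volume disk0s2 Macintosh HD is on partition 2 with offset 409640
  volume disk0s3 Boot OSX is on partition 3 with offset 976510984 (excluded)
"""

HEADER_RE = re.compile(r"^Disk (?P<disk>\d+) has (?P<count>\d+) online volumes:")
VOLUME_RE = re.compile(
    r"^\s*volume (?P<dev>disk\d+s\d+) (?P<name>.+?) is on partition (?P<part>\d+)"
    r" with offset (?P<offset>\d+)(?P<excl> \(excluded\))?\s*$")

def parse_enum(text):
    """Return {device: (name, partition, offset, excluded)} for one listing."""
    volumes, expected, disk = {}, {}, None
    for line in text.splitlines():
        header, vol = HEADER_RE.match(line), VOLUME_RE.match(line)
        if header:
            disk = header["disk"]
            expected[disk] = [int(header["count"]), 0]  # [announced, parsed]
        elif vol and disk is not None:
            volumes[vol["dev"]] = (vol["name"], int(vol["part"]),
                                   int(vol["offset"]), bool(vol["excl"]))
            expected[disk][1] += 1
    for disk, (want, got) in expected.items():
        if want != got:  # truncated or unrecognised listing: do not trust it
            raise ValueError(f"disk {disk}: header says {want} volumes, parsed {got}")
    return volumes

def layout_changes(before, after):
    """List added, removed and altered volumes between two listings."""
    old, new = parse_enum(before), parse_enum(after)
    changes = [f"added {d}: {new[d][0]!r} at offset {new[d][2]}" for d in sorted(new.keys() - old.keys())]
    changes += [f"removed {d}: {old[d][0]!r}" for d in sorted(old.keys() - new.keys())]
    changes += [f"changed {d}: {old[d]} -> {new[d]}" for d in sorted(old.keys() & new.keys()) if old[d] != new[d]]
    return changes
```

Saving the listing to a file after each successful boot gives a baseline to compare against; an empty result from `layout_changes` means the partition layout is unchanged.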

Comments

mallardduck's picture

Right off, you should unencrypt and uninstrument the disk (instructions should be in the KB on the latter - the recovery disk may also be appropriate - check that KB too), then upgrade to 10.1.1 before attempting it again.  A brute-force option is to re-partition the drive (not just erase) which will destroy all information, including the PGP instrumentation.

SymConForMe--'s picture

The response may be helpful, but is too brief to follow. A few more details would help.

 

I have a 10.1.1 tar file downloaded -- assuming the eval copy will work out with whatever it finds on the disk, but I also have the license key to re-apply if needed. I was going to apply 10.1.1 to whichever disk (internal or USB) was able to be marked bootable by the mac os CD.

SymConForMe--'s picture

The first corrective attempt was to boot the USB drive based on the MacOS CD. Using diskutil list, and mounting disk0s3 (Boot OSX partition), and going to the CoreServices directory to manipulate the pgpboot.efi and boot.efi files as some postings indicate did not suffice. It boots to just a grey screen, so I used the USB drive to revert the efi manipulations.

The corrective steps were:

Run disk utility / First Aid / Repair Disk

"Updating boot support partitions for the volume as required"

 

Disk utility / Partition

Alter from 499.76 GByte to 498.1 GByte and apply

Low disk utilization and minimal effort of partition tools let me feel there would be no real risk to file system contents.

 

Reboot still leads to grey screen, but inserting the Mac OS CD while in that state boots it. One can now install to the Macintosh HD (internal drive).

 

Disk util list

now shows just disk0, disk0s1, and disk0s2.

 

Remember to check for and apply updates. (Since now running the CD contents, not what had previously been kept up-to-date on the hard drive.)

 

Note that PGP 10.0.3 / PGP Desktop / PGP / Check For Updates lists nothing! (I think this leads to a false sense of security, and the sequence of events.)

Apply the 10.1.1 tgz download. It now runs 10.1.1 (Build 10) PGP SDK 4.0.1.

SymConForMe--'s picture

FYI, in this state with current MacOS software and current PGP software, the internal drive will still not Whole Disk Encrypt.

10.1.1 [Build 10]
PGP SDK 4.0.1

with Power Failure Safety:
An error occurred while encrypting your disk:
PGPError #2

without Power Failure Safety:
or successive with it:
An error occurred while encrypting your disk:
PGPError #22

pgpwde --status --disk 0
Disk 0 is not instrumented by bootguard.
Request sent to Disk status was successful

mount | grep disk0
/dev/disk0s2 on / (hfs, NFS exported, local, journaled)

pgpwde --enum
Total number of installed fixed/removable storage
device (excluding floppy and CDROM): 2
Disk 0 has 2 online volumes:
  volume disk0s1 disk0s1 is on partition 1 with offset 40 (excluded)
  volume disk0s2 Macintosh HD is on partition 2 with offset 409640

The PGP error reporting is inadequate to determine a next step.

SymConForMe--'s picture

The next step was an attempt to start from scratch.

Based on information in urls such as:

    http://kb.mit.edu/confluence/display/istcontrib/Ma...

    https://pgp.custhelp.com/app/answers/detail/a_id/8...

combined with a scan of the hard drive (find / -iname \*pgp\*) I tried the following:

Manually remove all of PGP:
---------------------------
ps and kill listed PGP processes

rm -rf /Library/Receipts/PGP\ Desktop.pkg
rm -rf /Library/Application\ Support/PGP/
rm -rf /Library/Contextual?Menu?Items/PGPcontext.plugin
rm -rf /Library/Extensions/PGPdiskDriver.kext
rm -rf /Library/Extensions/PGPnke.kext
rm -rf /Library/Frameworks/PGP.framework
rm -rf /Library/Frameworks/PGPclient.framework
rm -rf /Library/Frameworks/PGPproxy.framework
rm -rf /Library/Frameworks/PGPui.framework
rm -rf /Library/Frameworks/PGPusp.framework
rm -rf /Library/Frameworks/PGPwde.framework
rm -rf /Library/Receipts/PGP.pkg

rm -rf /Library/LaunchDaemons/com.pgp.framework.PGPwde.plist
rm -rf /Library/PrivilegedHelperTools/com.pgp.framework.PGPwde
rm -rf /Library/Receipts/PGPwde.pkg
rm -rf /Library/StartupItems/PGPDesktopWatcher

rm -rf /private/tmp/.pgp*
rm -rf /private/tmp/pgp*
rm -rf /private/var/run/*pgp*
rm -rf /private/var/tmp/*PGP*

rm -rf /System/Library/Extensions/IOStorageFamily.kext/Contents/Resources/pgpdisk.icns
rm -rf /System/Library/Extensions/PGPwde.kext

rm -rf /Applications/PGP.app
rm -rf /Applications/PGP\ Shredder.app
rm -rf /Applications/PGP?Viewer.app

rm -rf /PGPWDE*

rm ~/Library/Preferences/*pgp*
rm -rf ~/Library/Caches/*pgp*
rm -rf ~/Library/Caches/*PGP*
rm -rf ~/Library/Logs/PGP*
rm -rf /Users/Shared/PGP*
rm -rf /usr/local/bin/*pgp*

cd /System/Library/CoreServices ; mkdir xxx ; mv *pgp* xxx

 

Then

reboot
remove PGP from dock

apply PGPDesktop10.1.1.dmg
says successful. restarts.

first reboot was unresponsive to touchpad. Plugged in USB mouse.
Then unresponsive to keyboard. So, used mouse to trigger reboot instead
of login.

On reboot, could log in.

Provided name/org/email/license
say have used pgp before and have keys
browse to Documents/PGP for public key ring (private implied in same directory)

reboot, as a test. boots ok.

open pgp desktop
select pgp disk
encrypt a disk...
select disk 0 (internal hard drive)
enter passphrase
check power failure safety
reports PGPError #2
At least it boots ok.

 

As a double-check, list the files from the install:

drwxrwxr-x  3 root  admin  102 Apr  3 17:47 /Library/Receipts/PGP Desktop.pkg
drwxrwxr-x  5 xxxx staff  170 Apr  3 18:04 /Library/Application Support/PGP
drwxrwxr-x  3 xxxx staff  102 Jan 13 00:01 /Library/Contextual Menu Items/PGPcontext.plugin
drwxr-xr-x  3 root  wheel  102 Jan 13 00:01 /Library/Extensions/PGPdiskDriver.kext
drwxr-xr-x  3 root  wheel  102 Jan 13 00:01 /Library/Extensions/PGPnke.kext
drwxrwxr-x  6 root  admin  204 Apr  3 17:47 /Library/Frameworks/PGP.framework
drwxrwxr-x  6 root  admin  204 Apr  3 17:47 /Library/Frameworks/PGPclient.framework
drwxrwxr-x  5 root  admin  170 Apr  3 17:47 /Library/Frameworks/PGPproxy.framework
drwxrwxr-x  6 root  admin  204 Apr  3 17:47 /Library/Frameworks/PGPui.framework
drwxrwxr-x  6 xxxx staff  204 Apr  3 17:47 /Library/Frameworks/PGPusp.framework
drwxrwxr-x  7 root  admin  238 Apr  3 17:47 /Library/Frameworks/PGPwde.framework
drwxr-xr-x  3 root  admin  102 Apr  3 17:47 /Library/Receipts/PGP.pkg
-rw-r--r--  1 root  wheel  796 Apr  3 17:47 /Library/LaunchDaemons/com.pgp.framework.PGPwde.plist
-rwxr-xr-x  1 root  wheel  67572 Apr  3 17:47 /Library/PrivilegedHelperTools/com.pgp.framework.PGPwde
drwxrwxr-x  3 root  admin  102 Apr  3 17:47 /Library/Receipts/PGPwde.pkg
drwxr-xr-x  4 root  wheel  136 Jan 13 00:01 /Library/StartupItems/PGPDesktopWatcher
srw-------  1 xxxx wheel    0 Apr  3 18:19 /private/tmp/.pgp-agent-xxxx-501
drwxrwxrwx  3 xxxx wheel  102 Apr  3 18:19 /private/tmp/.pgp-locks
srw-------  1 xxxx wheel    0 Apr  3 18:19 /private/tmp/.pgp-occ-xxxx-501
srw-------  1 xxxx wheel    0 Apr  3 18:19 /private/tmp/.pgpdisk-xxxx-501-sock
drwxr-xr-x  3 xxxx wheel  102 Apr  3 18:19 /private/tmp/pgpnotifier-501
srw-rw-rw-  1 root  daemon  0 Apr  3 18:17 /private/var/run/com.pgp.framework.PGPwde.socket
-rw-r--r--  1 xxxx wheel  5 Apr  3 18:19 /private/var/tmp/PGP Engine-501.pid
-rw-r--r--  1 root  wheel  52412 Apr  3 17:47 /System/Library/Extensions/IOStorageFamily.kext/Contents/Resources/pgpdisk.icns
drwxr-xr-x  3 root  wheel  102 Jan 13 00:01 /System/Library/Extensions/PGPwde.kext
drwxrwxr-x  3 root  admin  102 Apr  3 17:47 /Applications/PGP.app
drwxrwxr-x  3 root  admin  102 Apr  3 17:47 /Applications/PGP Shredder.app
drwxrwxr-x  3 xxxx staff  102 Apr  3 17:47 /Applications/PGP Viewer.app
drwxrw-r-x  2 xxxx xxxx 68 Apr  3 17:58 /Users/xxxx/Library/Caches/PGP
drwx------  3 xxxx xxxx 102 Apr  3 17:58 /Users/xxxx/Library/Logs/PGP
drwxrwxrwx  3 xxxx wheel  102 Apr  3 18:11 /Users/Shared/PGP
lrwxr-xr-x  1 root  wheel  74 Apr  3 17:47 /usr/local/bin/pgpdisk -> /Library/Application Support/PGP/PGP Engine.app/Contents/Resources/pgpdisk
lrwxr-xr-x  1 root  wheel  73 Apr  3 17:47 /usr/local/bin/pgpwde -> /Library/Application Support/PGP/PGP Engine.app/Contents/Resources/pgpwde

using a script where some items had to be skipped because they did not exist:

# $cmd /PGPWDE*
# $cmd /Preferences/*pgp*
# $cmd ~/Library/Caches/*pgp*

Leddraa's picture

Hi there,

Is the machine bound to AD?

I have found the only way to WDE a Mac is to:

1. Install PGP Desktop - restart

2. Log on with local admin account

3. Enrol PGP with account - while the machine is still unbound from AD

4. Encrypt the drive there and then before adding to AD

5. Restart a couple of times - should find the machine now comes up with the WDE login screen - Use the account you created

6. Then you can bind the machine back to AD

*****The only really annoying thing I've found that Symantec can't yet answer is when you install PGP Desktop and select encrypt drive for the FIRST time you get an error of 'improper initialization' - which I can't work out why!

Then you can go back in and select encrypt and it'll start doing it!

Cheers,

A^

SymConForMe--'s picture

I'll assume AD stands for (Microsoft) Active Directory, in which case this is N/A, and it is unclear why it is mentioned given all the details above.