Video Screencast Help

Unable to Boot Mac OS 10.7.5 after installing PGP

Created: 06 Dec 2012 | 11 comments

I have Mac OS 10.7.5.

Darwin Kernel Version 11.4.2

When I reboot, I am taken to the PGP login.  I am able to successfully login with the passphrase.  However once I log in, I am taken to the Apple logo.  Eventually the Apple logo is replaced with a circle with a line through it. 

The only way I am able to get my data is to mount the hard drive using another system that has PGP installed.  Then I can put in my passphrase and unlock drive.

If I uninstall PGP, then I am able to use computer again.

This has happened on two different macbook pros.  Some of the computers are not affected.

Is there a list of incompatible hardware or anything that may be causing the conflict?  I am trying to figure out why this is affecting me on some systems but not others.


Comments 11 CommentsJump to latest comment

Sarah Mays's picture

What version of PGP desktop are you using?

If your computer is filevault 2 encrypted, installing PGP will cause this issue. PGP's WDE driver is not FV2 compatible, if you dont need  PGP's WDE you might be able to do a custom install w/o the WDE driver being installed.

brianjb's picture

I don't have the disk encrypted with Filevault.

PGP Version 10.2.1 Build  4461

brianjb's picture

No, they are retina ones.  These are "15-inch, Early 2011"

bghill's picture

This particular issue I have seen on a couple of occasions. In our test lab in my organization we have a system "MacBook Pro (13-inch, Early 2011) running OS X 10.7.5 build 11G56 with PGP WDE, Version 10.2.1 (Build 4461) " which has been fully encrypted with PGP WDE and connected to a PGP Enterprise management and enrollment server in our production environment.

This issue is identical to the issue that brianjb is experiencing.

The current version of WDE released for production in our environment on Non-IvyBridge based Macs (Mid-2012 Models) is PGP WDE, Version 10.2.1 (Build 4461) 

After this system had been encrypted for at least a month, one day I booted the system, authenticated through the boot guard successfully, the Booter is loaded (as indicated by the Apple emblem), then the Kernel begins to load (as indicated by the spinning gear icon) and after about 30 to 60 seconds the prohibitory sign is displayed, which replaces the Apple emblem.

There is nothing that I know of that has changed on this system during this time other than the normal software patch cycle which excludes PGP.
I put the system in target mode and connected to another system and unlocked the drive. After browsing browsing the drive for log files and viewing them, I can not for the life of me find any usable diagnostic information from any of the system logs such as /var/log/kernel.log, /var/log/pgpwde.log, /var/log/pgp-status.log, and any related files in /Library/Logs/ directory. I suspect that the system is halting before it gets to log any diagnostic information. 
Normally on a Mac you can boot in Verbose mode (Command + v at startup) and see what the system is hanging on, but when PGP WDE bootguard implamented all of the normal diagnostic methods are thrown out the window. You can't access single user mode, verbose mode or safe mode / safe boot, etc..
On all of the systems that I have experienced this with, once the system is fully decrypted and bootguard is de-instramented, The system boots fine. I'm assuming that is because it is booting natively from the blessed OS X system volume/System directory and not the PGP "Boot OSX" volume/System directory.
Any help or insite would be greatly appreciated!
See attachment.
bghill's picture

I was able to get verbose mode to work by modifying the firmware with the nvram command at the terminal.

On the no boot situation, I was able to boot from the system with a external boot drive with PGP installed. I then unlocked the disk, opened the terminal and issued  sudo nvram boot-args="-v"  at a terminal. I rebooted the system and was then greeted with striped down version of the PGP boot guard screen, which only presented me with text asking for a passphrase.

This still doesn't tell me much other than I'm assuming that the system can't boot from the root volume (chosen blessed volume).

See attachment.

brianjb's picture

This happened to me again this weekend for the third time on three different computers.

I create a local user account as a standard rule.  The reason being is if there is a problem with my domain account, then I can log in with that username.  But I haven't been adding that user to PGP.  

Does anyone think that this is an issue?

Sarah Mays's picture

sounds like one of the macs having this issue is bound to AD, there's an old bug (from 10.0.2) that was resolved, but sometimes old bugs come back. Check pgpwde.kext permissions

$ ls -alF /System/Library/Extensions/PGPwde.kext/Contents/MacOS/

total 2160
drwxr-xr-x  3 root  wheel      102 Jul 20 17:38 ./
drwxr-xr-x  5 root  wheel      170 Jul 20 17:38 ../
-rw-r--r--  1 root  wheel  1104056 Jul 20 17:38 PGPwde
If the file permissions are different then what's shown above, that could be causing the non boot issue. You can try fixing it by issuing this command:
$ chgrp -R wheel /System/Library/Extensions/PGPwde.kext
PGP_Ben's picture

Can anyone confirm whether Sarah Mays resolved your isseu with your suggestion? I was thinking of suggesting something very similar.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

PGP_Ben's picture

FYI, we actually recommend that you use Symantec Encryption Desktop 10.3.0 and newer with OS X 10.7.5 release. This was because 10.7.5 came out after we released 10.2.1 MP3 I believe and 10.2.1 MP4 the focus was around introducing Mac OS X 10.8.x support.

Check here for a list of supported releases of Mac OS X with corresponding Symantec Drive Encryption (formerly PGP WDE) versions:

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

PGP_Ben's picture

can we mark this thread as solved?

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.