Symantec Drive Encryption [Formerly PGP Whole Disk Encryption] Recovery on Macintosh using Target Disk Mode

Article:TECH149514  |  Created: 2009-08-13  |  Updated: 2013-11-26  |  Article URL http://www.symantec.com/docs/TECH149514
Article Type
Technical Solution


Environment

Issue



If you are unable to boot a Macintosh system which has been encrypted with Symantec Drive Encryption, you can use Target Disk Mode to troubleshoot or decrypt the drive.


Solution



Most newer Apple systems support Target Disk Mode, which allows the computer to be slaved to another Macintosh so that its drive contents can be accessed. The Apple system must have FireWire or Thunderbolt ports to use Target Disk Mode.

(NOTE) Currently, as of Mac OS X 10.8.4 and Symantec Encryption Desktop 10.3.0 MP3, slaving an encrypted drive using Thunderbolt is supported. Please see TECH201009 for more information on when this will be supported in the future.

The master machine must have Symantec Encryption Desktop installed and licensed for Symantec Drive Encryption. Once the slave computer is booted in Target Disk Mode and connected to the master machine, Symantec Encryption Desktop will detect the encrypted drive and request the passphrase for the problem computer to unlock the drive. Once the drive is authenticated, it will appear as an attached volume on the master Apple system just like any other external storage device.

At this point, you may access the data on the problem machine, copying it to another device if necessary. You may also use Symantec Encryption Desktop or the pgpwde command-line tool (in the Terminal app) to decrypt the drive, so long as the consumer policy on the master Apple system allows decryption. Alternatively, if a WDE admin passphrase user was used to encrypt the drive, you may use those credentials to decrypt the drive.

For example, to decrypt a drive from the pgpwde command line, run the Terminal application located in Applications > Utilities. From there you can see which encrypted drives are attached, check the status of a disk, unlock a disk for access or even decrypt it, among many other useful troubleshooting tasks.

To list the disks currently attached to the computer:

pgpwde --enum

Boot disks are typically labeled 'disk 0'.

To check the encryption status of a drive:

pgpwde --status --disk n

Where 'n' is the number of the disk you wish to query.

To access the disk if Symantec Encryption Desktop did not prompt for the passphrase:

pgpwde --auth --disk n --passphrase "passphrase here"

Where 'n' is the disk you wish to access. This unlocks the drive, making it possible to copy the data from the problem disk to another storage device.

To decrypt a disk use the following command:

pgpwde --decrypt --disk n

If any of the above commands cannot be found, even though Symantec Encryption Desktop is installed, it may be necessary to run the commands from /usr/local/bin with a ./ in front:

cd /usr/local/bin/
./pgpwde --help
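
The listing, status and unlock steps above, combined into one script as an added example (not Symantec's code). It uses only the pgpwde options shown in this article; the PGPWDE override variable, the function names and the --run switch are assumptions made for the example.

```shell
#!/bin/bash
# Added example, not Symantec code. Only pgpwde options shown in the article are used.

# Locate pgpwde: an explicit $PGPWDE override (assumption, handy for testing),
# then PATH, then /usr/local/bin as the article suggests.
find_pgpwde() {
    if [ -n "${PGPWDE:-}" ]; then printf '%s\n' "$PGPWDE"; return 0; fi
    if command -v pgpwde >/dev/null 2>&1; then command -v pgpwde; return 0; fi
    if [ -x /usr/local/bin/pgpwde ]; then echo /usr/local/bin/pgpwde; return 0; fi
    return 1
}

# Accept only a plain decimal disk number, so nothing else reaches the command line.
valid_disk() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the encryption status of disk $1, then unlock it with passphrase $2.
unlock_disk() {
    valid_disk "$1" || { echo "invalid disk number: $1" >&2; return 2; }
    tool=$(find_pgpwde) || { echo "pgpwde not found" >&2; return 3; }
    "$tool" --status --disk "$1"
    "$tool" --auth --disk "$1" --passphrase "$2"
}

main() {
    tool=$(find_pgpwde) || { echo "pgpwde not found" >&2; return 3; }
    "$tool" --enum
    printf 'Disk number of the Target Disk Mode drive: '; read -r disk
    # read -s (bash) keeps the passphrase off the screen and out of shell history;
    # it is still passed to pgpwde as an argument while the command runs.
    printf 'Passphrase: '; read -r -s pass; echo
    unlock_disk "$disk" "$pass"; rc=$?
    unset pass
    return "$rc"
}

# Interactive use: ./unlock-tdm.sh --run   (script name is a placeholder)
if [ "${1:-}" = "--run" ]; then main; fi
```
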

The Symantec Drive Encryption Command Line Guide can be found in the related article section below.


Supplemental Materials

Source: ETrack
Value: 2535344
Description: PGP WDE doesn't support the Thunderbolt interface in Mac OS X

Legacy ID: 1583

