Endpoint Encryption


BootGuard screen remains after uninstalling Encryption Desktop

  • 1.  BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 07, 2014 12:40 PM

    A user aborted an installation of Encryption Desktop on his Mac right after starting it, and then rebooted.  The BootGuard screen came up and allowed the user to log in.  After logging in, the user uninstalled Encryption Desktop using the built-in uninstaller.  However, upon reboot, the BootGuard screen remains.  How do we remove the BootGuard screen as well?  The disk does not appear to be encrypted in any way.

    Thank you!

     



  • 2.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 07, 2014 07:54 PM

    Hello,

    Here is an article to remove PGP manually from Mac:

    http://www.symantec.com/business/support/index?page=content&id=TECH149057

    Try this and see if this helps.

    Uninstrumenting PGP BootGuard

    1. From the command line, type pgpwde --uninstrument --disk 0 (or for the disk in question) and press Enter. You will then be returned to the command prompt with no further message.
    2. This should uninstrument the drive and allow you to boot normally. Type pgpwde --status --disk 0 to verify success.
    3. Reboot the computer and you should no longer be prompted for a passphrase.
     

    Thanks

    Anthony



  • 3.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 10, 2014 01:21 PM

    Anthony:

    Thanks for the pointer.  As I mentioned in the original message, PGP has been uninstalled.  Therefore, there is no pgpwde command around any more.

    Other ideas, short of reinstalling?

    I would have thought that was a way to go through open firmware and muck about with the boot.ini file.  Any thoughts on that?

    Thanks!

    Butch

     



  • 4.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Broadcom Employee
    Posted Feb 11, 2014 08:28 AM

    Hi Butch,

    Are you sure that the disk is completely decrypted?
    - You can verify this by slaving the disk to a machine without SED installed or by booting the machine from a "regular" live CD and browsing the contents.

    In that case you probably just need to rebuild the MBR. In Windows it would be fixmbr.
    I never tested this with Mac OS, but it seems that in Mac you would use fdisk.

    Have a look at some external links:
    http://jonsview.com/fixing-mbr-tables-on-imac-or-mbp-triple-boot-setups
    http://hints.macworld.com/article.php?story=20091111185717745
    https://discussions.apple.com/thread/4144252


    HTH,
    dcats



  • 5.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 11, 2014 01:28 PM

    I reinstalled Symantec Encryption Desktop 10.3.2 so that I could get to pgpwde.  Here's what I found:

    % pgpwde --status

    Disk 0 is instrumented by bootguard.
      Current key is valid.
    Failed login attempt lockout enabled. Max failures=10
    Request sent to Disk status was successful
     
    % pgpwde --uninstrument --disk 0
    Operation uninstrument disk failed:
    Error code -12220: Disk already managed
     
    I'm not really sure what it's trying to tell me, other than I can't do this.
     
    Suggestions?
     
    I haven't gone down the path of trying to rebuild the MBR because 1) I want to exhaust this first, and 2) if I screw up fixing the MBR, the user (my friend, at least for now) is going to kill me.  :-)
     
    Thanks!
     
    Butch
     


  • 6.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 12, 2014 12:03 AM

    Hi Butch,

    The product had to be fully installed and then have started encryption to have the Bootguard.

    If the encryption was started, did you stop the encryption and decrypt?

    Did you uninstall the product after decryption?

    The error code is an administration error code.

    Be careful with Mac and PGP together because both are not very forgiving.

    Thanks

    Anthony

     



  • 7.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 12, 2014 12:40 PM

    Anthony:

    As I mentioned in the original post, the user aborted the installation right after it started.  Apparently not soon enough, though.  I don't think any encryption was started, because all I did was to uninstall the product, thinking that would remove BootGuard.

    What do you recommend I do?  Should I (re?)encrypt the drive and then deencrypt it, finally removing BootGuard by uninstrumenting the disk?

    I'm sorry, I guess I'm just not clear on what your suggestion is, other than to "(b)e careful."  :-)

    Butch

     



  • 8.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 13, 2014 01:09 AM

    Hi Butch,

    Was the install package from a PGP server?

    If it was from a server then change your PGP stamp to a stand alone (PGP Default Stamp) and try the uninstrument command again.  If this doesn't work then try the article that I provided a link for to manually remove PGP from the Mac OSX in this forum thread.

    If your drive was still encrypted then the status would have shown a value on the drive.  In this case there isn't one.  PGP is stuck on instrumentation of the drive. 

    If all else fails, then re-imaging the hard drive would be the next solution.

    Thanks

    Anthony



  • 9.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Broadcom Employee
    Posted Feb 13, 2014 04:22 AM

    Hi Butch,

    When the decryption is completed, the drive should be automatically uninstrumented. Probably the process was interrupted just before that.

    With all the steps done previously it is also possible that the Symantec Encryption Desktop (SED) lost reference to the encryption status.
    The important part is to ensure the drive is really decrypted. For that, you need to attach the disk to a machine without SED or boot from a "live CD" to make sure no SED drivers are loaded, and then check the contents of the disk.

    The basis of instrumentation is the replacement of the MBR by BootGuard. Then, Bootguard will take care of the rest of the boot process.
    If the disk is in clear, at least in Windows, doing a fixmbr will replace Bootguard by the OS loader and the machine keeps working smoothly. Again, I haven't tested this in Mac, but I have no reasons to believe it will behave in a different way.

    Before attempting the re-imaging of the OS you can attempt to fix the MBR.
    Good backups are your friends.


    HTH,
    dcats
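
Added example, not part of any post in this thread: a read-only way to compare a saved copy of sector 0 taken before an MBR repair with one taken after it, confirming that only the boot-code area changed and the partition table did not. The sample sectors are constructed here for illustration, and the function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bootstrap area that precedes the partition table
ENTRY_LEN = 16           # four 16-byte partition entries follow it
ENTRY_FMT = "<B3xB3xII"  # status, type, start LBA, sector count (CHS skipped)

def parse_sector0(sector: bytes) -> dict:
    """Summarise a 512-byte MBR sector without modifying anything."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_LEN])
        if ptype != 0x00:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "sha256": hashlib.sha256(sector).hexdigest(),
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "boot_code_present": any(boot_code),
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "gpt_protective": any(p["type"] == 0xEE for p in partitions),
        "partitions": partitions,
    }

def table_unchanged(before: bytes, after: bytes) -> bool:
    """True if the repair left the partition entries and signature intact."""
    a, b = parse_sector0(before), parse_sector0(after)
    return a["partitions"] == b["partitions"] and b["valid_signature"]

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: one GPT protective entry plus the given boot code."""
    entry = struct.pack(ENTRY_FMT, 0x00, 0xEE, 1, 0xFFFFFFFF)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(3 * ENTRY_LEN)
    return body + b"\x55\xaa"

if __name__ == "__main__":
    # Constructed stand-ins for "before repair" and "after repair" dumps.
    before = build_sample(b"\xeb\x3c\x90" + b"\x11" * 20)
    after = build_sample(b"")
    for name, data in (("before", before), ("after", after)):
        info = parse_sector0(data)
        print(name, info["boot_code_present"], info["boot_code_sha256"][:16])
    print("partition table unchanged:", table_unchanged(before, after))
```
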



  • 10.  RE: BootGuard screen remains after uninstalling Encryption Desktop

    Posted Feb 14, 2014 02:46 PM

    Anthony:

    The installation was from a server:

    % defaults read com.pgp.pgp configurationString

    ovid=keys.wdf.<redacted>.corp&mail=*&admin=1

    How do I convert this to a standalone installation?  I found lots of hints on the Intertubez for going from standalone to managed, but none for going the other direction.

    I agree that the only bit that's left to remove is the instrumentation, and I'm hoping we can figure out how to remove it without me having to muck with the GPT/MBR (fraught with danger) or reimage (really not an option).

    Thanks!

    Butch