"
Dear Valued Symantec / PGP® Customer,Symantec has recently become aware of an issue with Mac OS X 10.6.5 and PGP® Whole Disk Encryption 10.0.x. At this time we are recommending that customers using PGP® Whole Disk Encryption do not upgrade to Mac OS X 10.6.5.
With the 10.6.5 update, Apple released a new version of the boot.efi file, which overwrites the previous edition of the file used by PGP® Whole Disk Encryption. This causes the machine to skip the pre-boot authentication step, which results in the disk(s) not being unlocked prior to boot. Subsequently, the system fails to boot. The data on the disk, however, is recoverable. This is the first time Apple has modified boot.efi in a minor update, and we are modifying our test procedures accordingly to help avoid this problem in the future.
For now, Symantec's recommendation is to delay upgrading to 10.6.5. If there is an urgent need to upgrade, decrypting the machine prior to applying the upgrade, followed by applying the upgrade and re-encrypting, will safely upgrade the machine to the new version.
If the attempt to upgrade the machine has already been made and, as a result, the machine is no longer bootable, please note that the data on the machine has not been lost. Do not attempt to reformat the machine, as this could result in a loss of data. Instead, please refer to thisKnowledgebase Article to restore your machine.
If you have already reviewed the above article, please review it again as it has been updated with important additional steps since first publication.
Symantec is working on an upgrade procedure that does not require a decrypt/re-encrypt cycle. The Knowledgebase article will be updated when this process is finalized."
On Nov 11, 2010, at 8:14 PM, Link, Peter R. wrote:
A better way would be to start selling self-encrypting drives with Apple products and bundle WinMagic's SecureDoc or create their own simple certificate/password management system (runs under OS X Server of course!).
Incidentally, WinMagic says any update (10.6.x) doesn't require the disk to be unencrypted but upgrades (10.x) do. I updated my two Macs and everything is still working. I am not using SecureDoc's software encryption, however, so it's a different deal but using SED's is a solution more people should investigate.
btw: Seagate received their FIPS 140-2 approval for the Momentus SEDs
On Nov 11, 2010, at 4:42 PM, Boyd Fletcher wrote:
This is another stellar example of why apple should scrap file vault and implement its own version of Whole Disk Encryption that is supported on its install media.
On Nov 11, 2010, at 12:54 PM, Joel Esler wrote:
https://BLOCKEDsupportimg.pgp.com/guides/Tech_Note_PGP_WDE_Recovering_Data_Mac_OS_X.pdf
On Nov 11, 2010, at 12:14 PM, Bill Vlahos wrote:
https://BLOCKEDpgp.custhelp.com/app/answers/detail/a_id/2288
Unbelievable that this could get through testing without someone (either PGP or Apple) telling PGP customers the update will prevent your computer from booting. Very bad.
Bill Vlahos
AeroVironment, Inc.
IT Manager
UAS
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden