File Share Encryption

  • 1.  URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 10, 2015 07:40 AM

    I have a mid-2011 iMac, with an SSD startup drive. At some point during the lifetime of this Mac, I installed—and thought I uninstalled—PGP Whole Disk Encryption. Certainly the startup drive has not been encrypted for years.

    It's now 2015, and I can't upgrade this Mac to OS X 10.11. When I try to reboot the machine after an upgrade, the strike-through circle is shown, indicating that there's no OS installed. The problem, I've discovered, is related to this:

    http://d.pr/i/17VbT

    Apparently, the startup partition is of a scheme type:

    com_pgp_wde_GUIDPartitionScheme_v2

    Trying a clean install, I've determined that no combination of disk formatting or re-partitioning using Apple's Disk Utilities can fix this. It seems the disk is instrumented with WDE in a way that simply can't be removed.

    Trying to get this solved through Symantec support is a nightmare — the support portals have been migrated so many times since 2011, that the account information I see when logging in makes no sense. And just like the work-flow for posting in this forum—PGP for Mac isn't listed, and I have no idea what "community" to choose—all of Symantec seems designed for large corporation IT departments, rather than individual consumers.

    The last PGP product I owned, was licensed back in 2011.

    I'm hoping with this post, that someone here might be able to help me figure out how to get PGP definitely off this drive, so that I can upgrade the operating system. Thanks so much in advance.

    Best regards,

    Matt Henderson



  • 2.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 10, 2015 07:41 AM

    Jeez — just look what I'm shown in simply creating this post:

    http://d.pr/i/7p48



  • 3.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 12, 2015 11:38 AM

    How to fix OS X circle with slash:
    1. Boot to the OS X installer.
    2. Open the terminal utility.
    3. Run the following command in terminal:
    fdisk -u /dev/disk0
    4. Install OS X or restore from backup.
    5. Boot the system.

    You should not experience the circle with a slash.



  • 4.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 12, 2015 12:25 PM

    Mike — That's not going to change the partition from a PGP type to something else. Right? Do you know how I can remove the PGP instrumentation of the startup disk?



  • 5.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 12, 2015 01:00 PM

    That command is actually going to rewrite the entire boot sector.  The partition showing as com_pgp_wde_GUIDPartitionScheme_v2 is a false positive.  The actual issue comes from an incomplete uninstall of PGP.  The boot partition still retains some PGP flags, which try to redirect the boot to the PGP configuration files, which no longer exist, so no operating system is found.  Even though new boot information is written to the disk, the PGP data stuck in there gets in the way.  A standard reinstall of OS X does not clear the boot partition first.

    After clearing the boot sector and reinstalling OS X, you should be back to a normal partition scheme.



  • 6.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 12, 2015 01:08 PM

    Mike, thanks a lot for this. Just to confirm — if I boot from a USB and run the fdisk command, that's going to delete the data that's currently on the disk, and I'll need to do a fresh install, correct?

    At that point, can I safely copy over a mirror of a bootable backup drive? i.e. the bootable backup drive wouldn't have any of the PGP flags that would get copied over in a mirror operation back to the startup drive, correct?

    Thanks again!



  • 7.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 12, 2015 01:13 PM

    It will delete the data currently on the disk.

    After that, you should be able to restore the backup.  Unless the backup contains the same boot sector information, and transfers that over as well, it should work fine at that point.  Most backups shouldn't, but there are some disk clone programs that will.



  • 8.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 12, 2015 03:46 PM

    Mike, I did 'diskutil list' to confirm that disk0 was the correct device. Then I ran your fdisk command, and got the error:

    "could not open MBR file /usr/standalone/i386/boot0: No such file or directory"
    "Do you wish to write new MBR? [n]"

    I answered the second with "y", hit return, and was returned to the prompt. Running the fdisk command again resulted in the same thing. All my data remained on the disk, and so it seems nothing was done to the disk.

    Are you sure I wasn't supposed to include the -i argument?
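
An added example, not part of any post in this thread: a read-only shell check of sector 0 that can be run before and after the `fdisk -u` step to see whether the boot sector was actually rewritten. The function names and the sample image are constructed for illustration; the offsets follow the standard MBR layout, and nothing here models PGP WDE's own on-disk data.

```shell
#!/bin/sh
# Added example. Read-only use on a real system (needs root):
#   mbr_summary /dev/disk0 ; mbr_cksum /dev/disk0

# Hex of COUNT bytes at byte offset SKIP, as one unbroken lowercase string.
hex_at() {  # hex_at FILE SKIP COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

mbr_summary() {  # mbr_summary FILE
    img=$1
    # Bytes 0-439 are the boot code area; all zero means no boot code.
    if [ -z "$(hex_at "$img" 0 440 | tr -d '0')" ]; then
        echo "bootcode=empty"
    else
        echo "bootcode=present"
    fi
    # Bytes 510-511 hold the boot signature, 55 aa on a valid MBR.
    echo "signature=$(hex_at "$img" 510 2)"
    # Four 16-byte partition entries start at offset 446; type byte is at +4.
    # Type ee marks the protective MBR of a GPT disk.
    i=0
    while [ "$i" -lt 4 ]; do
        echo "entry$i.type=$(hex_at "$img" $((446 + i * 16 + 4)) 1)"
        i=$((i + 1))
    done
}

# Checksum of sector 0; compare the value taken before and after fdisk.
mbr_cksum() {  # mbr_cksum FILE
    dd if="$1" bs=512 count=1 2>/dev/null | cksum | cut -d' ' -f1
}

# Constructed sample sector: three boot code bytes, one type-ee entry and
# the 55 aa signature. Not taken from a real disk.
make_sample() {  # make_sample FILE
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\353\074\220' | dd of="$1" bs=1 seek=0 conv=notrunc 2>/dev/null
    printf '\356' | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}
```

If `mbr_cksum` returns the same value before and after the fdisk run, sector 0 was not modified.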


  • 9.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 13, 2015 12:26 PM

    Do you have multiple partitions and multiple operating systems installed?  I have yet to see an error like that come up when doing the -u flag, but I suppose -i might work.

    Also, have you checked to make sure the partition you're booting from is the active one?



  • 10.  RE: URGENT — How to remove PGP WDE from a Mac

    Broadcom Employee
    Posted Oct 13, 2015 12:36 PM

    Mike, when I did 'diskutil list', I saw multiple partitions, including an OS X recovery partition. I do not, however, have multiple operating systems installed.

    I'm not sure I understood your question about making sure the partition I'm booting from is the active one. When I did 'diskutil list', I confirmed that disk0 corresponds to the SSD's startup partition.

    One thing -- I ran the fdisk command as you listed above. But this morning, it occurred to me that perhaps I should have run it as sudo. Do you think that would make a difference? I'm pretty sure it should have been run as sudo, but would have expected that kind of error, rather than something like a "permission denied"?