PGP Whole Disk Encryption behavior for Linux and Mac OSX using automatically encrypt during Enrollment

book

Article ID: 156536

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

What is the expected behavior when enrolling to a PGP Universal Server and "Automatically encrypt Boot Disk at installation" is configured?

Resolution

When PGP Whole Disk Encryption is used to automatically encrypt a drive, the username of the the currently logged-on user profile will be used for the WDE Username and the passphrase that will be used to authenticate at PGP BootGuard, will be that of the passphrase entered during enrollment.

For example, consider the following scenario: A user is logged on to the Linux or Mac OSX profile as JohnDoe, and the password used for enrollment is "passwordJohn" when the system is rebooted, one of two behaviors will be observed.

Detailed Authentication:

If Detailed Authentication is being used, the username of "JohnDoe" must be entered, and the passphrase of "passwordJohn" would be entered to authenticate PGP BootGuard Successfully.

Simple Authentication

If the Simple Authentication is used, then the passphrase of "passwordJohn" would be entered at PGP BootGuard to boot up the system.

PGP Whole Disk Encryption for Linux and Mac OSX does not support Single Sign-On and therefore this behavior is not critical.  As long as the username and passphrase is used, the the system will then boot to the login screen.

 

***Note***

Because Single Sign-On is only supported for the Windows operating system, no passphrase synchronizations will occur upon changing the user's password to the Linux or Mac user account.  In order to synchronize the Linux or Mac password, this must be done manually.


Applies To

PGP BootGuard—PGP Whole Disk Encryption’s pre-boot environment. 

In order to boot a machine, a PGP passphrase must be authenticated. A feature called Single Sign-On will use the same password for the Windows login, so that once a user enters his/her passphrase at PGP BootGuard, the system will automatically login to that same user profile in Windows with this associated passphrase.