Mac OS X Systems encrypted with Symantec Drive Encryption unable to boot after Apple Update to 10.8.4

book

Article ID: 158555

calendar_today

Updated On:

Products

Drive Encryption

Issue/Introduction

In some rare circumstances, a Mac OS X system may not be able to boot after updating to Mac OS X 10.8.4 on systems that have been encrypted with Symantec Drive Encryption.

 

Cause

Although this is rare in occurrence, after review of an affected system that could duplicate this behavior, it appears to be caused when a system's partitions were not completely cleaned after it was re-imaged. 

 

When Symantec Drive Encryption encrypts a Mac system, it performs many operations, such as it replaces the regular apple boot.efi with its own boot file, as well as puts encrypted markings on the disk and requires using additional partitions on a system.  If a Mac system has been previously encrypted and needs to be re-purposed, it is not enough to simply reformat the drive, and reinstall the operating system as this will leave encrypted remnants behind that could make the operating system unable to boot later on.  Unfortunately, this may not be immediately apparent so taking proper steps to re-image a system is needed to ensure future booting after updates is possible.

 

Resolution

To ensure a system will have future success in booting after it was encrypted, there are a few options available:

 

Option 1:

Fully Decrypt the system before re-imaging.  This should restore the system back to its default state and allow a successful reinstall of the operating system.

Check the "/" (root) directory to ensure no PGPWDE00 or PGPWDE01 files exist (ls / via Terminal will display all files/directories. The "l" in this command is an "L").  If there are files that exist in this location after the drive has been fully decrypted, remove them to ensure they do not cause any further problems reencrypting the drive.  WARNING: Do not attempt to remove these PGPWDE files on an encrypted disk.  If a system shows it was decrypted, and it still shows the files, wait for several minutes to give it a chance to remove the files.

 

Run the following command via Terminal to ensure no "H.PGPGUARD" marking exists on the sectors.  If the "H.PGPGUARD" still shows up after the system was encrypted, this means the system has not been restored back to default state.  Allow the system to fully decrypt and this should be restored back--it may be necessary to wait several minutes after decryption has completed before this is done.  A normal, non-encrypted sector output will appear similar to the following:

 

"00000000  00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00 |................|..."

 

Option 2:

Use the Mac OS X installer utility to re-partition a Mac System.  If there is suspicion the Mac partitions may not be completely clean, to ensure the partitions are created completely clean, create ten partitions for the disk, then set the partitions back to one partition.  This will ensure all partitions are completely removed, and rebuilt from scratch.

 

Option 3:

Use any sophisticated third-party utility which will ensure all partitions are completely removed, and properly re-created.

 

Using the above should ensure Mac OS X is installed cleanly, and will ensure Symantec Drive Encryption will properly encrypt the system.  Something to note, is when a new Apple update is available, please consult article TECH174563 to ensure full compatibility has been confirmed.  If an update has not been confirmed to be compatibility, do not attempt to update that Mac system. 


Applies To

Mac OS X 10.8.2, or 10.8.3 updated to Mac OS X 10.8.4.

Mac system has been encrypted with Symantec Drive Encryption.