Shift key isn't recognized at Pre Boot Authentication screen with Symantec Endpoint Encryption 11 with non-US keyboards

book

Article ID: 161066

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

When attempting to authenticate the Symantec Encryption Desktop BootGuard/Pre Boot screen with UEFI systems, an "incorrect passphrase" error appears.

Having no shift-key functionality affects the ability to enter special characters during the Pre Boot authentication screen using UEFI BIOS mode if non-US keyboard layout is selected.

Note: For information on how to resolve this issue on Symantec Encryption Desktop 10.4.x, see https://support.symantec.com/en_US/article.TECH240217.html.

Cause

The SHIFT key is not capitalizing the letters on input, therefore all characters in password field appear in lower case (special characters appear as numbers).

Environment

Systems affected:
Dell Latitude E5570/E5470/E7440/E7450/E7470

Resolution

Dell systems use a BIOS typically developed by American Megatrends, Inc. (AMI).  There have been some improvements included in SEE 11.1.3 which allow using the shift-key in non-US keyboard layout in these AMI BIOS environments.  Symantec Encryption software does not contain these improvements for the older implementations of UEFI BIOS environments.  In order to take advantage of these fixes, UEFI BIOS will need to be used and be updated. 

SEE 11.1.3 provides a newer implementation of BIOS functionality to work with the AMI BIOS implementations (with UEFI) that cause the shift key to fail on non-US keyboards.  There may be some possible issues for systems using an older implementation of UEFI BIOS.  In the unlikely event that this older AMI BIOS implementation of UEFI within the SEE 11.1.3 causes issues, the USB keyboards may become nonfunctional.  The following workarounds exists:

NOTE: SEE 11.1 and SEE 11.1.2 were removed from FileConnect due to some issues discovered, however SEE 11.1.3 is available and includes this fix. In order to obtain the SEE 11.1.3, visit FileConnect.

Workaround Scenario 1:
1. Upgrade to the latest UEFI BIOS available from the hardware vendor using AMI BIOS.

Workaround Scenario 2:
If the upgrade of the AMI BIOS does not address this problem, reverting to the older implementation of SEE 11 is possible to restore USB keyboard functionality within the software.  In order to revert the BIOS implementation within Symantec Endpoint Encryption 11.1.3, follow the below steps:

Temporary workaround:
a. Keep the down arrow key ↓ pressed while booting. This will set the flag to use the old AMI BIOS implementation temporarily for that boot/session only.

Permanent workaround:
b. To permanently use the older implementation of SEE 11.1.3 on UEFI systems, use the following command to switch to use AMI API's either from a customized Windows PE CD or UFD or using command line after booting into windows with option (a):

eedAdminCli --bootprop-set --name AMIKBAPI --val 1 --au   --ap  

NOTE: The fix for this issue currently exists for SEE 11.1.3.  Symantec Encryption Desktop 10.4.1 MP1 includes a fix to address this problem, please see article TECH240217 for more information.

Workaround Scenario 3:
The following is a temporary workaround when the Shift key cannot be used to authenticate Pre Boot without applying any software updates to either BIOS, or Symantec Encryption software:

  • Authentication in BootGuard with Whole Disk Recover Token (WDRT)
  • Authentication in BootGuard using Caps Lock button for upper case letters
  • Authentication in BootGuard using pgp-user account with password that do not require special characters and or upper-case letters
  • Authentication in Symantec Encryption Desktop when hard drive of affected machine is slaved to another PC with Symantec Encryption Desktop

Etracks: 4049963, 3923363, 3539056