search cancel

Creating and using a recovery USB drive for Opal v2-compliant drives for Symantec Endpoint Encryption v 11.1


Article ID: 162743


Updated On:


Endpoint Encryption


In the Symantec Endpoint Encryption v 11.1 environment, the traditional WinPE recovery tool does not work with Opal v2-compliant drives that do not have an eDrive dependency. Although the need to recover a drive is rare, as a precaution, create a USB recovery drive. If required, use this USB drive to attempt recovery of the Opal v2-compliant drive.


To create a recovery USB drive

Prerequisite: Ensure that the drive has a minimum of 1 GB of space.

  1. Format the USB drive using the FAT32 format.
  2. In the root directory on the drive, create a folder named EFI.
  3. In the EFI directory, create a subfolder named Boot.
  4. Access a client computer that has Symantec Endpoint Encryption Drive Encryption installed.
  5. Copy the following files from the client computer to the USB drive x:EFI/Boot directory, where ‘x’ is the drive letter:

    C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\
    • bootx64.efi
    • pgpcontents.tar

The USB drive is now a bootable UEFI drive.

To use a recovery USB drive

  1. On the non-booting client computer with the Opal v2-compliant drive, insert the USB recovery drive.
  2. Access the system’s Boot Options menu. Usually you can do this by pressing F9, F10, or F12 immediately after powering up Windows, but consult the user guide of your PC for more details.
  3. Select the USB drive (or, on some systems, select the \EFI\Boot\bootx64.efi file on the USB drive) from the Boot Options menu to boot from the recovery USB drive.
  4. At the preboot login screen, authenticate.
  5. After successfully authenticating, if the encryption record is still intact, you have the option either to decrypt without booting or boot directly into Windows.
  6. Press ‘D’ to decrypt the drive.