On certain Dell computers running Symantec Encryption Desktop 10.4.x, the Shift key does not work at PGP BootGuard

Article ID: 164994


Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption, Information Centric Encryption, Mobile Encryption for iOS, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

On certain Dell, Lenovo and HP systems, authentication at PGP BootGuard may fail when the passphrase requires the Shift key. In some cases the issue occurs with special characters, but special characters are not always required to see it. It has been observed on systems running in UEFI mode that are configured with a non-US English keyboard layout.

This article will cover some workarounds and fixes for this issue that are included in Symantec Encryption Desktop 10.4.1 (PGP Desktop) Maintenance Pack 1 (MP1) via a Keyboard Revert command discussed below.

Note: For information on how to resolve this issue on Symantec Endpoint Encryption 11.x, see the following KB:

161066 - Shift key isn't recognized at Pre Boot Authentication screen with Symantec Endpoint Encryption 11 with non-US keyboards

Environment

Symantec Encryption Desktop 10.4.x

Resolution

To fix this issue, upgrade to Symantec Encryption Desktop 10.4.1 MP1. Symantec Encryption Desktop 10.4.1 MP1 includes an update for keyboard functionality. This update is designed to work with the most recent version of AMI UEFI firmware to resolve the Shift key issue. Alternatively, consider the following workarounds to resolve this issue.

 

If you are running Symantec Encryption Desktop 10.4.1 on a computer that uses an older UEFI firmware, then you might have issues using the Shift key at PGP BootGuard. To resolve the issue, perform one or more of the following workarounds:

 

Potential Workaround 1 - Easy workaround to provide to end users until proper commands can be run (Arrow Key)

A UEFI firmware update may often fix this issue. However, if the UEFI firmware update does not resolve this issue, revert to the previous UEFI firmware keyboard setup to restore the keyboard functionality temporarily or permanently. 

To temporarily revert to the previous keyboard setup

  1. Press and hold the DOWN ARROW (↓) key while booting your computer. This will enable the previous UEFI firmware keyboard setup for that boot session.

Note: This workaround has sometimes been observed not to work, and the fix scenarios below will be the better option to use.

 

Potential Workaround 2 - Using Different authentication methods

If the UEFI firmware of the computer is not updated, or Symantec Encryption Desktop is not upgraded to the version 10.4.1 MP1, then consider any of the following temporary workarounds to resolve this issue:

  • Authenticate at PGP BootGuard using a Whole Disk Recovery Token (WDRT)

  • Authenticate at PGP BootGuard using the Caps Lock key for uppercase letters

  • Authenticate at PGP BootGuard using a PGP user account with a password that does not include special characters or uppercase letters

  • Authenticate on Symantec Encryption Desktop when the hard disk of the affected computer is connected as a slave to another computer running Symantec Encryption Desktop

 

 

Fix Scenario 1 - Set Boot Property in Windows to revert AMI Keyboard Functionality

Important Note: This option will work once the system has been encrypted and before the system reboots for the first time.


Once the system has been encrypted, make sure to run this command before rebooting so that you do not get locked out in case the arrow key workaround above does not work.

Fix Scenario 2 will be needed if you cannot boot beyond the preboot screen.

Update the computer's UEFI firmware with the most recent version. To update the computer with the latest UEFI firmware, refer to the documentation from the computer manufacturer.

To permanently revert to the previous keyboard setup using PGP Whole Disk Encryption Command Line

  1. Press and hold the DOWN ARROW (↓) key while booting your computer. This will enable the previous UEFI firmware keyboard setup for that boot session.

  2. At the PGP Whole Disk Encryption Command Line prompt, execute the following command:

   pgpwde --bootprop-set --name AMIKBAPI --value 1 --au <username> --ap <passphrase> --disk 0
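For Fix Scenario 1, run from an elevated PowerShell session in Windows, the following added example (not part of the vendor article) wraps the command above so the passphrase is prompted for rather than typed into the command line, where it would be saved in shell history. It assumes pgpwde.exe is on PATH or supplied through the hypothetical -PgpwdePath parameter, and that pgpwde returns a non-zero exit code on failure.

```powershell
# Added example, not vendor code. Runs the article's pgpwde --bootprop-set
# command with a prompted passphrase.
# Assumptions: pgpwde.exe is on PATH or given via -PgpwdePath (hypothetical
# parameter name); pgpwde signals failure with a non-zero exit code.
param(
    [string]$PgpwdePath = 'pgpwde.exe',
    [int]$Disk = 0
)

# Fail early if the executable cannot be found.
$exe = (Get-Command $PgpwdePath -ErrorAction Stop).Source

$user   = Read-Host -Prompt 'PGP username'
# Not echoed to the screen and not written to PSReadLine history.
$secure = Read-Host -Prompt 'Passphrase' -AsSecureString

# pgpwde takes the passphrase as an argument, so a plain-text copy is needed
# for the call. It remains visible in the process command line while pgpwde
# runs, so run this only in a trusted session.
$plain = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    & $exe --bootprop-set --name AMIKBAPI --value 1 --au $user --ap $plain --disk $Disk
    if ($LASTEXITCODE -ne 0) {
        throw "pgpwde exited with code $LASTEXITCODE; resolve this before rebooting."
    }
    Write-Host "AMIKBAPI boot property set to 1 on disk $Disk."
}
finally {
    # Drop the plain-text copy as soon as the call returns.
    Remove-Variable -Name plain -ErrorAction SilentlyContinue
    $secure.Dispose()
}
```

Windows PowerShell 5.1 can mangle arguments that contain double-quote characters when calling native executables, so a passphrase containing `"` may need to be entered with the plain command instead.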




Fix Scenario 2 - Boot off of WinPE and set Boot Property to revert AMI Keyboard Functionality

If the machine will not boot beyond the preboot screen because the keyboard does not work, and the DOWN ARROW workaround described above does not help, booting from WinPE will allow you to set the options.

To permanently revert to the previous keyboard setup using Windows Preinstallation Environment (PE)

  1. Boot into Windows using a bootable Windows PE CD or USB Flash Drive.

  2. At the command prompt, execute the following command:
    pgpwde --bootprop-set --name AMIKBAPI --value 1 --au <username> --ap "admin-passphrase-here" --disk 0

 

Once the above command has been entered, reboot the system and the keyboard should now be working again at the preboot screen.

If you need any further assistance, reach out to Symantec Encryption Support.

Additional Information

228244 - Keyboard Delays or missing keystrokes at preboot after encrypting with Symantec Encryption Desktop


EPG-27640
EPG-25371, EPG-26998, EPG-26835