To fix this issue, upgrade to Symantec Encryption Desktop 10.4.1 MP1. Symantec Encryption Desktop 10.4.1 MP1 includes an update for keyboard functionality. This update is designed to work with the most recent version of AMI UEFI firmware to resolve the Shift key issue. Alternatively, consider the following workarounds to resolve this issue.

If you are running Symantec Encryption Desktop 10.4.1 on a computer that uses an older UEFI firmware, then you might have issues using the Shift key at PGP BootGuard. To resolve the issue, perform one or more of the following workarounds:

Potential Workaround 1 - Easy workaround to provide to end users until proper commands can be run (Arrow Key)

A UEFI firmware update may often fix this issue. However, if the UEFI firmware update does not resolve this issue, revert to the previous UEFI firmware keyboard setup to restore the keyboard functionality temporarily or permanently. 

To temporarily revert to the previous keyboard setup

1. Press and hold on to the DOWN ARROW (↓) key while booting your computer. This will enable the previous UEFI firmware keyboard setup for that boot session.

Note: This has been observed to sometimes not work and the other fix scenarios below will be the better option to use.

Potential Workaround 2 - Using Different authentication methods

If the UEFI firmware of the computer is not updated, or Symantec Encryption Desktop is not upgraded to the version 10.4.1 MP1, then consider any of the following temporary workarounds to resolve this issue:

• Authenticate at PGP BootGuard using a Whole Disk Recover Token (WDRT)

• Authenticate at PGP BootGuard using the Caps Lock key for uppercase letters

• Authenticate at PGP BootGuard using a PGP user account with a password that does not includes special characters or uppercase letters

• Authenticate on Symantec Encryption Desktop when the hard disk of the affected computer is connected as a slave to another computer running Symantec Encryption Desktop

Fix Scenario 1 - Set Boot Property in Windows to revert AMI Keyboard Functionality

Important Note: This option will work if the system has been encrypted, and before the system reboots for the first time.

Once the system has been encrypted, make sure to run this command before rebooting so that you do not get locked out in case the arrow key workaround above does not work.

Fix Scenario 2 will be needed if you cannot boot beyond the preboot screen.

Update the computer's UEFI firmware with the most recent version. To update the computer with the latest UEFI firmware, refer to the documentation from the computer manufacturer.

To permanently revert to the previous keyboard setup using PGP Whole Disk Encryption Command Line

1. Press and hold on to the DOWN ARROW (↓) key while booting your computer. This will enable the previous UEFI firmware keyboard setup for that boot session.

2. At the PGP Whole Disk Encryption Command Line prompt, execute the following command:

   pgpwde --bootprop-set --name AMIKBAPI --value 1 --au <username> --ap <passphrase> --disk 0

Fix Scenario 2 - Boot off of WinPE and set Boot Property to revert AMI Keyboard Functionality

If the machine will not boot beyond the preboot because the keyboard will not work, and the down arrow mentioned in the workaround mentioned above does not work, booting from WinPE will allow you to set the options.

To permanently revert to the previous keyboard setup using Windows Preinstallation Environment (PE)

1. Boot into Windows using a bootable Windows PE CD or USB Flash Drive.

2. At the command prompt, execute the following command:
   pgpwde --bootprop-set --name AMIKBAPI --value 1 --au <username> --ap "admin-passphrase-here" --disk 0

Once the above command has been entered, reboot the system and the keyboard should now be working again at the preboot screen.