Symantec Drive Encryption's BootGuard screen is where a user can authenticates an encrypted drive. If a passphrase is not allowing authentication to the BootGuard screen, a Whole Disk Recovery Token can be used to authenticate.


There are two different styles of the BootGuard screen users may see upon rebooting an encrypted system, MBR or Legacy, and UEFI.  These two different styles of BootGuard depend upon how the Operating System boots up.  A system using Legacy boot mode, differs from a system using UEFI with how a Whole Disk Recovery Token is used at BootGuard.  The difference between these, as well as some considerations for how Whole Disk Recovery tokens can be used, are listed below with screenshots of the two different BootGuard screens:

• The Whole Disk Recovery Token is not case sensitive.
• The dashes are not required when entering the token.
• The Whole Disk Recovery Token does not contain the letter "o".
• The Whole Disk Recovery Token may contain the digit zero.

Example:
FNQBC-0WDUU-TGKQ1-W0Z79-B3JF can be entered either as it appears or as fnqbc0wduutgkq1w0z79b3jf.


Legacy boot (MBR boot) BootGuard Screen:

•      Whole Disk Recovery Tokens can be entered in the passphrase field
•      Hit the TAB key to show entered keystrokes

UEFI Boot BootGuard Screen:

•      Hit the F4 key, and then enter the Whole Disk Recovery Token into the dialog box.
•      Hit the F3 key to show typed keystrokes.