HOW TO: Install PGP Encryption Desktop Drive Encryption for Linux
search cancel

HOW TO: Install PGP Encryption Desktop Drive Encryption for Linux

book

Article ID: 180260

calendar_today

Updated On:

Products

Encryption Management Server

Issue/Introduction

 This article details how to install and configure PGP Encryption Desktop (Symantec Drive Encryption) for Linux to use the Drive Encryption feature. 

Resolution

 

To install Drive Encryption for Linux:

NOTE: dkms, fakeroot and other packages may be installed during the installation process if the respective package is required but missing from system prior install.

  1. Download the appropriate installer from your PGP Encryption Server (Symantec Encryption Management Server).
  2. To download installer from your PGP Encryption Server go to Consumers tab and click the Download Client button. Choose either Linux 32-bit or Linux 64-bit as platform and then select your Linux distribution
  3. To identify platform type of your Linux distribution, please execute uname -i command in the terminal of your Linux system.

    See the  System Requirements  for more information on the versions of PGP Encryption Desktop and supported Linux versions. As of this writing, the latest version of PGP Encryption Desktop, 10.5.1 MP1 supports the following distributions:

    • (All versions support BIOS only) Red Hat Enterprise Linux/CentOS 7.8 (64-bit), 7.7 (64-bit), 7.6 (64-bit), 7.5 (64-bit), 7.4 (64-bit), 7.2 (64-bit), 7.1 (64-bit), 6.7 (32-bit and 64-bit), 6.6 (32-bit and 64-bit)

      PGP 10.3.2 and older supported Ubuntu versions, but has been discontinued for PGP 10.5.1.
      Historical Information for 10.3.2 only: 12.04 LTS, 12.04.1 LTS (kernel 3.2), 12.04.2 LTS (kernel 3.5), 12.04.3 LTS (kernel 3.8), 12.04.4 LTS (kernel 3.11), 12.04.5 LTS (kernel 3.13) (32-bit and 64-bit versions); 14.04.0 LTS (kernel 3.13), 14.04.1 LTS (kernel 3.13) (32-bit and 64-bit versions);
      Red Hat Enterprise Linux/CentOS 5.7, 5.8, 5.9, 5.10, 6.0, 6.1, 6.2, 6.3, 6.4 (kernel 2.6.x) (32-bit and 64-bit versions);

  4. For your Linux distribution, run the following command in the appropriate directory replacing XXXXX with the appropriate name from the downloaded installer and replacing YYYYYY with CPU architecture for your Linux system (32-bit VS 64-bit):
    • Ubuntu Linux:
      • sudo bash pgp_desktop_10.3.2.XXXXX_linux_ub12.04_YYYYYY.bsx
    • Red Hat Enterprise Linux/CentOS:
      • su -l -c 'bash pgp_desktop_10.3.2_XXXXX_linux_el5_YYYYYY.bsx'
  5. Read and accept the license agreement. After installation completes, you are prompted to restart your computer;
  6. Restart the computer

As is mentioned above, Legacy BIOS is the only supported boot mode of Linux currently.  If you would like to have PGP Encryption Desktop for Linux on UEFI systems, reach out to Symantec Encryption Support for further guidance and mention this article. 

Please note that only certain generic kernels are supported, therefore installation of WDE may fail when unsupported kernel is being used. Kernels modified for PAE, Xen, or RT are not supported. For example, when using PGP 10.3.2 MP1 build 15337, the kernel module for Ubuntu release 12.04.3 LTS will be installed successfully on kernel 3.8.0-29-generic. To identify what kernel version you are currently running under Linux distribution, please use command uname -r. Information about Ubuntu kernel support may be found here: https://wiki.ubuntu.com/Kernel/LTSEnablementStack. Kernel version shipped with Red Hat Enterprise Linux listed here: https://access.redhat.com/articles/3078

License Authorization for standalone users of Linux:

  1. Start terminal command line.
  2. Type 'pgpwde --license-authorize --license-name "<USER_NAME>" --license-organization "<ORGANIZATION>" --license-number <LICENSE_KEY>'
  3. Press Enter

Configuring a Managed Client on Linux:

  1. From a terminal, as privileged user run 'pgpconfigure "ovid=<server>&mail=*&admin=1' command, replacing <server> with the FQDN or IP address of your Symantec Encryption Management Server.
  2. Restart the computer
  3. From a terminal, run 'pgpenroll --enroll' command using regular user account.
  4. When prompted for the username and password provide credentials of a valid user.

Encrypting a Drive

For most users, the following command will instrument the drive, add a user (replace <username> and <userpassword> with your credentials), and start the encryption process:

pgpwde --secure --disk 0 --user "<username>" -p '<userpassword>' --all --fast


Check the  PGP Encryption Desktop Documentation for additional information

Upgrading the system

If you are upgrading your system (with Symantec Drive Encryption for Linux installed) from earlier supported version of Ubuntu to version 12.04.5 LTS or version 14.04.1 LTS, be sure to do the following:

  1. Decrypt your system disk.
  2. Upgrade to Symantec Drive Encryption for Linux version 10.3.2 MP7.
  3. Upgrade your operating system to Ubuntu 12.04.5 LTS or Ubuntu 14.04.1 LTS.
  4. Re-encrypt your system disk.

Additional Information

193931 - How to download Symantec Encryption products from the Broadcom download Portal (And where to find the license number for PGP)

181366 - Re-enrolling PGP Desktop (Symantec Encryption Desktop) for Linux Clients

157084 - PGP Encryption Desktop Embed Group Policy for Mac & Linux