HOW TO: Install Drive Encryption for Linux


Article ID: 180260


Updated On:


Encryption Management Server




This article details how to install and configure Symantec Drive Encryption for Linux (formerly PGP Whole Disk Encryption).

To install Drive Encryption for Linux:

NOTE: dkms, fakeroot and other packages may be installed during the installation process if the respective package is required but missing from system prior install.

  1. Download the appropriate installer from FileConnect or your Symantec Encryption Management Server (formerly PGP Universal Server).
  2. To download installer from your Symantec Encryption Management Server go to Consumers tab and click the Download Client button. Choose either Linux 32-bit or Linux 64-bit as platform and then select your Linux distribution
  3. To identify platform type of your Linux distribution, please execute uname -i command in the terminal of your Linux system. As of this writing, the latest version of Symantec Encryption Desktop, 10.3.2 MP7 (Build 16127), supports the following distributions:
    • Ubuntu 12.04 LTS, 12.04.1 LTS (kernel 3.2), 12.04.2 LTS (kernel 3.5), 12.04.3 LTS (kernel 3.8), 12.04.4 LTS (kernel 3.11), 12.04.5 LTS (kernel 3.13) (32-bit and 64-bit versions); 14.04.0 LTS (kernel 3.13), 14.04.1 LTS (kernel 3.13) (32-bit and 64-bit versions);
    • Red Hat Enterprise Linux/CentOS 5.7, 5.8, 5.9, 5.10, 6.0, 6.1, 6.2, 6.3, 6.4 (kernel 2.6.x) (32-bit and 64-bit versions);
  4. For your Linux distribution, run the following command in the appropriate directory replacing XXXXX with the appropriate name from the downloaded installer and replacing YYYYYY with CPU architecture for your Linux system (32-bit VS 64-bit):
    • Ubuntu Linux:
      • sudo bash pgp_desktop_10.3.2.XXXXX_linux_ub12.04_YYYYYY.bsx
    • Red Hat Enterprise Linux/CentOS:
      • su -l -c 'bash pgp_desktop_10.3.2_XXXXX_linux_el5_YYYYYY.bsx'
  5. Read and accept the license agreement. After installation completes, you are prompted to restart your computer;
  6. Restart the computer

Please note that only certain generic kernels are supported, therefore installation of WDE may fail when unsupported kernel is being used. Kernels modified for PAE, Xen, or RT are not supported. For example, when using SED 10.3.2 MP1 build 15337, the kernel module for Ubuntu release 12.04.3 LTS will be installed successfully on kernel 3.8.0-29-generic. To identify what kernel version you are currently running under Linux distribution, please use command uname -r. Information about Ubuntu kernel support may be found here: Kernel version shipped with Red Hat Enterprise Linux listed here:

License Authorization for standalone users of Linux:

  1. Start terminal command line.
  2. Type 'pgpwde --license-authorize --license-name "<USER_NAME>" --license-organization "<ORGANIZATION>" --license-number <LICENSE_KEY>'
  3. Press Enter

Configuring a Managed Client on Linux:

  1. From a terminal, as privileged user run 'pgpconfigure "ovid=<server>&mail=*&admin=1' command, replacing <server> with the FQDN or IP address of your Symantec Encryption Management Server.
  2. Restart the computer
  3. From a terminal, run 'pgpenroll --enroll' command using regular user account.
  4. When prompted for the username and password provide credentials of a valid user.

Encrypting a Drive

For most users, the following command will instrument the drive, add a user (replace <username> and <userpassword> with your credentials), and start the encryption process:

pgpwde --secure --disk 0 --user "<username>" -p '<userpassword>' --all --fast

Check Symantec Drive Encryption for Linux User's Guide for additional information:

Upgrading the system

If you are upgrading your system (with Symantec Drive Encryption for Linux installed) from earlier supported version of Ubuntu to version 12.04.5 LTS or version 14.04.1 LTS, be sure to do the following:

  1. Decrypt your system disk.
  2. Upgrade to Symantec Drive Encryption for Linux version 10.3.2 MP7.
  3. Upgrade your operating system to Ubuntu 12.04.5 LTS or Ubuntu 14.04.1 LTS.
  4. Re-encrypt your system disk.