Symantec Drive Encryption [Formerly PGP Whole Disk Encryption] Recovery on Macintosh using Target Disk Mode


Article ID: 153516

Products

Drive Encryption

Issue/Introduction

If a Macintosh system that has been encrypted with Symantec Drive Encryption will not boot, you can use Target Disk Mode to troubleshoot the problem or to decrypt the drive from a second Mac.

Resolution

Most newer Apple systems support Target Disk Mode, which allows the computer to be slaved to another Macintosh so that its internal drive can be accessed as if it were an external disk. The Apple system must have FireWire or Thunderbolt ports to allow Target Disk Mode.

(NOTE) Currently, as of Mac OS X 10.8.4 and Symantec Encryption Desktop 10.3.0 MP3, slaving an encrypted drive using Thunderbolt is supported. Please see TECH201009 for more information on the status of this support.

The master machine must have Symantec Encryption Desktop installed and licensed for Symantec Drive Encryption. Once the slave computer is booted in Target Disk Mode and connected to the master machine, Symantec Encryption Desktop will detect the encrypted drive and request the passphrase of the problem computer's drive to unlock it. Once the drive is authenticated, it will appear as an attached volume on the master Apple system, just as any other external storage device.

At this point, you may access the data on the problem machine, copying it to another device if necessary. You may also use Symantec Encryption Desktop or the pgpwde command-line tool (in the Terminal app) to decrypt the drive, so long as the consumer policy applied to the master Apple system allows decryption. Alternatively, if the drive was encrypted with a WDE administrator passphrase user, you may use those credentials to decrypt the drive.

For example, to decrypt a drive from the pgpwde command line, open the Terminal application located in Applications > Utilities. From there you can see which encrypted drives are attached, check the status of a disk, unlock a disk for access, or decrypt it, among many other useful troubleshooting tasks.

To list the disks currently attached to the computer:

pgpwde --enum

Boot disks are typically labeled 'disk 0'. On the master system, disk 0 is the master's own boot drive; the Target Disk Mode machine appears as a higher-numbered disk, so check the enumeration carefully before passing a disk number to the commands below.

To check the encryption status of a drive:

pgpwde --status --disk n

Where 'n' is the number of the disk you wish to query.

To access the disk if Symantec Encryption Desktop did not prompt for the passphrase:

pgpwde --auth --disk n --passphrase "passphrase here"

Where 'n' is the disk you wish to access. This unlocks the drive, making it possible to copy the data from the problem disk to another storage device. Note that a passphrase given on the command line is recorded in the shell history and is visible to other local users in the process list while pgpwde runs, so clear the Terminal history afterwards.

To decrypt a disk use the following command:

pgpwde --decrypt --disk n

If any of the above commands is not found even though Symantec Encryption Desktop is installed, /usr/local/bin is probably not on the shell's PATH; in that case change to that directory and run the command with a ./ in front:

cd /usr/local/bin/
./pgpwde --help
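As an added example (not from the Symantec article and not Symantec's own tooling), the following POSIX shell functions wrap the Target Disk Mode recovery steps above, from enumerating disks through unlocking and decrypting, with the checks a recovery operator wants: disk 0 is refused because on the master Mac that is its own boot drive, the disk must have been reported by --enum, the passphrase is read from an environment variable filled by a silent `read` rather than typed into the command line, and decryption requires an explicit confirmation argument. Assumptions not confirmed by the article: `pgpwde --enum` prints one line per disk beginning with "Disk N", pgpwde exits non-zero on failure, and `--decrypt` accepts the same `--passphrase` option as `--auth`. The function and variable names (wde_bin, wde_candidate_disks, wde_unlock, wde_decrypt, WDE_PASSPHRASE) are this example's own.

```shell
#!/bin/sh
# Added example: wrapper around the pgpwde recovery steps with safety checks.
# Assumed (not confirmed by the article): `pgpwde --enum` prints "Disk N" lines,
# pgpwde exits non-zero on failure, and --decrypt takes --passphrase like --auth.

# Locate pgpwde: on PATH if the installer added it, otherwise /usr/local/bin.
wde_bin() {
    if command -v pgpwde >/dev/null 2>&1; then
        printf '%s\n' pgpwde
    elif [ -x /usr/local/bin/pgpwde ]; then
        printf '%s\n' /usr/local/bin/pgpwde
    else
        echo "pgpwde not found on PATH or in /usr/local/bin" >&2
        return 1
    fi
}

# Disk numbers reported by `pgpwde --enum`, excluding disk 0: on the master
# Mac, disk 0 is its own boot drive, never the Target Disk Mode machine.
wde_candidate_disks() {
    bin=$(wde_bin) || return 1
    "$bin" --enum | awk 'tolower($1) == "disk" && ($2 + 0) != 0 { print $2 + 0 }'
}

# Check status, then authenticate the given disk. The passphrase comes from
# WDE_PASSPHRASE (fill it with `read -rs WDE_PASSPHRASE` so it is neither
# echoed nor stored in shell history); it is still visible in `ps` while the
# pgpwde call runs, which is inherent to the --passphrase option.
wde_unlock() {
    disk=${1:-}
    case "$disk" in
        '' | *[!0-9]*) echo "usage: wde_unlock <disk-number>" >&2; return 2 ;;
        0) echo "refusing to touch disk 0 (the master's own boot disk)" >&2; return 2 ;;
    esac
    if ! wde_candidate_disks | grep -qx "$disk"; then
        echo "disk $disk was not reported by pgpwde --enum" >&2
        return 2
    fi
    if [ -z "${WDE_PASSPHRASE:-}" ]; then
        echo "WDE_PASSPHRASE is not set (use: read -rs WDE_PASSPHRASE)" >&2
        return 2
    fi
    bin=$(wde_bin) || return 1
    "$bin" --status --disk "$disk" >&2          # show the state before acting
    "$bin" --auth --disk "$disk" --passphrase "$WDE_PASSPHRASE"
}

# Decrypt only after a successful unlock and an explicit "yes" from the caller;
# decryption is irreversible without re-encrypting, so it is never the default.
wde_decrypt() {
    disk=${1:-}
    if [ "${2:-}" != "yes" ]; then
        echo "usage: wde_decrypt <disk-number> yes" >&2
        return 2
    fi
    wde_unlock "$disk" || return 1
    bin=$(wde_bin) || return 1
    "$bin" --decrypt --disk "$disk" --passphrase "$WDE_PASSPHRASE"
}

# Interactive usage on the master Mac (the slave already in Target Disk Mode):
#   read -rs WDE_PASSPHRASE; export WDE_PASSPHRASE
#   wde_candidate_disks        # e.g. prints 1
#   wde_unlock 1               # copy data off the mounted volume afterwards
#   wde_decrypt 1 yes          # only if policy or the admin user permits it
```

The functions only define behaviour; nothing runs until you call them, so the file can be sourced into a Terminal session on the master Mac and each step invoked deliberately.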

The Symantec Drive Encryption Command Line Guide can be found in the related articles section below.