Note: This post has been updated on Jan. 7, 2011
Symantec has identified a potential issue with the Mac OS X 10.6.6 upgrade process and PGP Whole Disk Encryption. Until this issue is resolved, we strongly recommend that customers using PGP Whole Disk Encryption do not upgrade to Mac OS X 10.6.6. Customers that have already successfully upgraded should take no action.
If the update to OS X 10.6.6 has already been made and the machine fails to boot, the data on the machine is not lost. The system can be restored using the PGP Recovery CD. Instructions can be found in this Knowledgebase Article.
This issue has the highest internal priority at Symantec, and we’re working on a maintenance release that will proactively address this issue. We will update our customers with the resolution information as soon as it becomes available.
We don’t often post about product compatibility problems on In Defense of Data blog, but we want to make sure customers are able to access this important information.
Symantec is aware of an issue with Mac OS X 10.6.5 and PGP Whole Disk Encryption 10.0.x. At this time, we recommend that customers using PGP Whole Disk Encryption do not upgrade to Mac OS X 10.6.5.
With the 10.6.5 update, Apple released a new version of the boot.efi file, which overwrites the previous edition of the file used by PGP Whole Disk Encryption. This causes the user’s machine to skip the pre-boot authentication step, which results in the disk(s) not being unlocked prior to boot. Subsequently, the system fails to boot. However, the data on the disk is recoverable.
If the update to OS X 10.6.5 has already been made and the machine fails to boot, the data on the machine is not lost. The system can be restored using the PGP Recovery CD. Instructions can be found in this Knowledgebase Article.
This appears to be the first time Apple has modified boot.efi in a minor update, and Symantec is adjusting test procedures accordingly to help avoid this issue in the future.
We’re working to identify a solution that will enable customers to update Mac OS X on a PGP-protected drive without overwriting the PGP portion of the boot.efi. As soon as a solution has been identified, we will update the blog so keep an eye on In Defense of Data.Tags: encryption, Mac, PGP, Symantec