
10.6: Update renders Mac with PGP disk encryption unbootable
System 10.6 (Snow Leopard only hint)

10.6.4 users running PGP Whole Disk Encryption may render their systems unbootable after they update to 10.6.5.

PGP recommends that folks decrypt their drives first, update to 10.6.5, and then re-encrypt. If you have already upgraded and have an unbootable system, burn/use a copy of their Recovery CD to fix it. I can verify that using the Recovery CD works.

Procedure:
  • Boot the system using the PGP Recovery CD.
  • When prompted, authenticate with your passphrase. DO NOT press D to decrypt. Press any key (e.g. spacebar) to boot into Mac OS X normally.
  • Once logged into Mac OS X, PGP Desktop will automatically fix the boot issue and you should no longer need the recovery CD.
  • Download the script 'PGPwdeEFIUpdate.sh' to your desktop.
  • Open terminal and navigate to your desktop directory by typing cd ~/Desktop and pressing Enter.
  • Type in the command chmod 755 PGPwdeEFIUpdate.sh and press Enter.
  • Type in the command sudo ./PGPwdeEFIUpdate.sh and press Enter.
PGP has a tech article about it, and that is the source of this procedure. You can download both the ISO for the recovery CD and the referenced script from links provided there.

[crarko adds: I haven't tested this one.]

Authored by: bfad on Nov 12, '10 07:55:00AM

I didn't copy over or run the "PGPwdeEFIUpdate.sh" script - just booting from the recovery CD seemed to fix the problem for me.



Authored by: Reaper Man on Nov 12, '10 08:44:37AM

While you will work just fine for now, the script fixes a problem that will occur when you later decrypt your drive. The system will not be restored to the correct state without running this script.

So, yes, you are fine for now. You want to run the script so that you do not have problems later.



Chmod 755?
Authored by: leamanc on Nov 12, '10 09:20:01AM

Why make it executable for the whole world?

chmod u+x will work just fine.



Authored by: HFTobeason on Nov 12, '10 11:48:29AM

I have been unable to figure out why I'm getting the dreaded "sudo: unable to execute ./PGPwdeEFIUpdate.sh: No such file or directory" error when attempting to run the shell script. All previous steps worked perfectly, with no errors. Any thoughts much appreciated. Thanks.

Edited on Nov 12, '10 12:30:29PM by HFTobeason



Authored by: Typhoon14 on Nov 12, '10 02:54:21PM

I've also had no luck at all getting the script to run…



Authored by: Typhoon14 on Nov 12, '10 03:01:40PM

OK, figured it out. It looks like for whatever reason the file was getting saved with the wrong line endings (Windows-style CRLF instead of unix-style LF). In my case, I opened the file in Textmate, and saved it with LF line endings. After doing this it worked fine. I'm guessing you could accomplish the same thing by putting TextEdit in plain text mode, copying and pasting the contents of the shell script into a new file and saving it with the .sh file extension. After doing so, be sure to do chmod 755 on the new file before executing it.



[ Reply to This | # ]
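The CRLF diagnosis above, together with the earlier chmod u+x remark, as an added example that is not part of any comment or of PGP's script: a #! line ending in a carriage return makes the kernel look for an interpreter that does not exist, which produces the "No such file or directory" error reported in this thread. The file names and sample script contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PGP's script): diagnose and repair CRLF line endings in a
# downloaded shell script, then mark the copy executable for the owner only.

CR=$(printf '\r')   # a single carriage-return byte (0x0d)

# True if any line in the file contains a CR.
has_cr() {
    grep -q "$CR" "$1"
}

# True if the #! line ends in CR. The kernel then looks for an interpreter
# named "/bin/sh<CR>", which does not exist, so exec fails with
# "No such file or directory" even though the script itself is present.
shebang_has_cr() {
    head -n 1 "$1" | grep -q "^#!.*$CR\$"
}

# Write an LF-only copy to $2 (the download in $1 is left untouched) and
# grant execute permission to the owner only, as chmod u+x does.
make_runnable_copy() {
    tr -d '\r' < "$1" > "$2" && chmod u+x "$2"
}

# Constructed sample standing in for a script saved with Windows line endings.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\r\necho "efi update placeholder"\r\n' > "$demo_dir/sample-crlf.sh"

if shebang_has_cr "$demo_dir/sample-crlf.sh"; then
    echo "CR found on the #! line; writing an LF-only copy"
    make_runnable_copy "$demo_dir/sample-crlf.sh" "$demo_dir/sample-lf.sh"
fi
ls -l "$demo_dir"
```

Running the two checks against the downloaded PGPwdeEFIUpdate.sh before invoking it with sudo shows whether the line endings are the cause of the error.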
Authored by: david29 on Nov 12, '10 01:43:15PM

I get an error as well:



Macintosh:Desktop myaccount$ sudo./PGPwdeEFIUpdate.sh
-bash: sudo./PGPwdeEFIUpdate.sh: No such file or directory



Authored by: david29 on Nov 12, '10 03:38:23PM

For the life of me I cannot get the script to run.



Authored by: Typhoon14 on Nov 12, '10 08:02:24PM

OK, to repeat what I said in reply to script errors:

"OK, figured it out. It looks like for whatever reason the file was getting saved with the wrong line endings (Windows-style CRLF instead of unix-style LF). In my case, I opened the file in Textmate, and saved it with LF line endings. After doing this it worked fine. I'm guessing you could accomplish the same thing by putting TextEdit in plain text mode, copying and pasting the contents of the shell script into a new file and saving it with the .sh file extension. After doing so, be sure to do chmod 755 on the new file before executing it."



Authored by: abthm on Nov 13, '10 05:54:07AM

Surely there should be a space after sudo.



Authored by: crarko on Nov 14, '10 05:12:35AM

Surely there is... now.

Thanks. Good catch.



Authored by: rgs2 on Nov 13, '10 11:43:30PM

Anyone else getting the "Unable to verify efi state" message when running the PGPwdeEFIUpdate.sh script? PGP is now providing the script as part of the tar file, so I don't think the previous issue regarding character encoding in the script is a problem anymore. I had decrypted my drive prior to running the combo update and am using the most recent version of PGP Desktop.



Authored by: Typhoon14 on Nov 14, '10 09:56:17AM

You shouldn't need to run the script if you decrypted prior to updating. The script causes EFI to update the backup copy of boot.efi that it stores to the version included with 10.6.5. If you're encrypting with 10.6.5 already installed, EFI is going to be making a new backup copy at that time containing the latest boot.efi.



Authored by: rgs2 on Nov 14, '10 09:52:52PM

Thanks for the response and info. I was a little concerned about re-encrypting. I had actually decrypted the drive a few days ago to fix a bootcamp booting issue, so I guess the timing was good.



Authored by: david29 on Nov 15, '10 08:11:59AM

Anyone else getting the "Unable to verify efi state" message when running the PGPwdeEFIUpdate.sh script?

I am running PPF WBE v10.0.3.1. My primary (internal) boot disk is NOT encrypted, however I back up to an external drive which is encrypted.

I updated my internal boot disk to 10.6.5. I then backed up that internal drive to the encrypted external.

So, does this problem pertain to me? The bulletin on the PGO web site is very poorly written and is ambiguous - I can't figure out if it pertains to me or not. Plus I get the "Unable to verify efi state" message, and I cannot boot from the external drive.



Authored by: johnnym on Nov 15, '10 10:22:49AM

David, I'm trying to wrap my head around what you're saying and doing.

If you are not using PGP Whole Disk Encryption to encrypt your boot disk, then you don't have to worry about the update for the boot disk. You're good to go.

How are you backing up to an encrypted drive? What tools are you using? PPF WBE and PGO don't sound familiar to me.



Authored by: david29 on Nov 15, '10 02:50:27PM

Pardon my dyslexic typing...

Anyone else getting the "Unable to verify efi state" message when running the PGPwdeEFIUpdate.sh script?

I am running PGP WDE v10.0.3.1. My primary (internal) boot disk is NOT encrypted, however I back up to an external drive which is encrypted.

(This way I can leave my external drive at my office, without worrying that someone would break into it if it gets stolen. It has 2 partitions. One is a fully bootable copy, and the other is used for Time Machine. I cannot get the bootable copy to work. It SHOULD be bootable. I am using SuperDuper.)

I updated my internal boot disk to 10.6.5. I then backed up that internal drive to the encrypted external.

So, does this problem pertain to me? The bulletin on the PGP web site is very poorly written and is ambiguous - I can't figure out if it pertains to me or not. Plus I get the "Unable to verify efi state" message, and I cannot boot from the external drive.



Authored by: johnnym on Nov 19, '10 07:16:45AM

david29, you are getting the 'Unable to verify efi state' because your internal boot disk is not encrypted. It does not apply to your internal boot disk.

Were you ever able to decrypt and boot off of your external before 10.6.5? My guess would be no. Here's why:

- You have a regular unencrypted boot drive.
- You attach an external that you encrypt.
- You use SuperDuper to clone your unencrypted boot drive to the external

Essentially you put your copy in a box and locked it. I don't know offhand how PGP WDE works under the hood but I would think that there is a small bootable part that allows you to bootstrap the machine to the point where you would get the PGP WDE prompt to supply your password. If you supply the proper password, it will then decrypt the drive and finish booting. Without that small bootable part (partition?) to get you to PGP WDE, you won't get very far. With your setup of locking the whole external disk with PGP, you're probably encrypting even that small bootable part because SuperDuper is putting everything into the encrypted drive. You've locked the box from the inside and there is nowhere to put the key to unlock it.


