Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.6: Update renders Mac with PGP disk encryption unbootable' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Update renders Mac with PGP disk encryption unbootable
Authored by: david29 on Nov 15, '10 02:50:27PM

Pardon my dyslexic typing...

Anyone else getting the "Unable to verify efi state" message when running the PGPwdeEFIUpdate.sh script?

I am running PGP WDE v10.0.3.1. My primary (internal) boot disk is NOT encrypted, however I back up to an external drive which is encrypted.

(This way I can leave my external drive at my office, without worrying that someone would break into it if it gets stolen. It has 2 partitions. One is a fully bootable copy, and the other is used for Time Machine. I cannot get the bootable copy to work. It SHOULD be bootable. I am using SuperDuper.)

I updated my internal boot disk to 10.6.5. I then backed up that internal drive to the encrypted external.

So, does this problem pertain to me? The bulletin on the PGP web site is very poorly written and is ambiguous - I cant figure out if it pertains to me or not. Plus I get the "Unable to verify efi state" message, and I cannot boot from the external drive.



[ Reply to This | # ]
10.6: Update renders Mac with PGP disk encryption unbootable
Authored by: johnnym on Nov 19, '10 07:16:45AM

david29, you are getting the 'Unable to verify efi state' because your internal boot disk is not encrypted. It does not apply to your internal boot disk.

Were you ever able to decrypt and boot off of your external before 10.6.5? My guess would be no. Here's why:

- You have a regular unencrypted boot drive.
- You attach an external that you encrypt.
- You use SuperDuper to clone your unencrypted boot drive to the external

Essentially you put your copy in a box and locked it. I don't know offhand how PGP WDE works under the hood but I would think that there is a small bootable part that allows you to bootstrap the machine to the point where you would get the PGP WDE prompt to supply your password. If you supply the proper password, it will then decrypt the drive and finish booting. Without that small bootable part (partition?) to get you to PGP WDE, you won't get very far. With your setup of locking the whole external disk with PGP, you're probably encrypting even that small bootable part because SuperDuper is putting everything into the encrypted drive. You've locked the box from the inside and there is nowhere to put the key to unlock it.



[ Reply to This | # ]