This article originally appeared in TidBITS on 2010-11-14 at 6:19 p.m.

Whole Disk Encryption, and Why Mac OS X 10.6.5 Broke PGP WDE

by Rich Mogull

On 10 November 2010, Apple released Mac OS X 10.6.5, an important update full of bug fixes and security patches. But for users of Symantec’s PGP WDE (Whole Disk Encryption) product, updating their Macs resulted in disastrous consequences [1] as they were completely unable to boot their systems. Reports started appearing in the PGP WDE support forums, and this was quickly confirmed by TidBITS Senior Editor Joe Kissell—not through intrepid investigative reporting, but due to being locked out of his own laptop after trying to upgrade.

This isn’t the first time PGP WDE users have struggled with Mac OS X upgrades, and to understand why, it’s worth taking a moment to talk about how disk encryption works.

And for any of you who are locked out of your PGP WDE-encrypted drive, the good news is that your data is safe, and PGP issued recovery software and instructions [2] on 12 November 2010. For those PGP WDE users who haven’t yet upgraded to Mac OS X 10.6.5, Symantec also posted instructions on that page about how to upgrade safely using the latest version of PGP WDE (10.0.2).

How Full Disk Encryption Works -- Disk encryption is the single most important security control for anyone with sensitive data on a laptop. Without it, if your laptop is lost or stolen, anyone with a modicum of knowledge can easily access your data. Circumventing passwords isn’t all that difficult on any operating system, and Mac OS X is no exception.

One option for Mac users is to use Apple’s built-in FileVault technology, which encrypts your home folder. FileVault is extremely secure, but it can make managing backups difficult. For example, if you use FileVault, Time Machine will back up your home folder files only when you log out of your account (unless you are one of the rare few storing your backups on a Mac running Mac OS X Server). FileVault also protects only your home folder, which may not be sufficient for everyone.

Finally, as I documented in “The Ghost in My FileVault [3]” (13 September 2007), like any encryption, FileVault can be persnickety at times and can lock you out of all or some of your data. (Since encryption modifies the file system at a low level, single-bit errors can sometimes lead to much wider corruption.)

Another option is called Whole Disk Encryption (WDE) or Full Disk Encryption (FDE). Unlike FileVault, which stores your data in an encrypted disk image, WDE products encrypt nearly the entire contents of your drive at the disk sector level. WDE products are powerful, since they encrypt everything, and because they encrypt at such a low level, all your backups work normally.

This is so effective that when I’m advising large enterprises on how to protect their mobile workers, I always tell them their most important security control is to deploy WDE on all portable systems (and to encrypt smartphones and iPads, but that’s an article for another day).

Note that Symantec’s PGP WDE is currently one of only two WDE products sold directly to Mac consumers; the other is WinMagic’s SecureDoc [4], and I know of two additional products for corporate users.

WDE works by integrating with the firmware on your Mac so that when you boot your computer you enter an unencrypted “pre-boot” environment. This is nothing more than a highly secure mini operating system whose sole job is to ask you for your password, and then decrypt and give you access to your normal operating system, which lives in an encrypted disk partition. (Joe Kissell discusses more about how WDE works in “Securing Your Disks with PGP Whole Disk Encryption [5],” 31 October 2008.)

That’s why, for those of you using PGP WDE, when you turn on your Mac you see the PGP prompt... which looks nothing like Mac OS X. Entering your password there is what enables the pre-boot operating system to recover the protected encryption key that unlocks the rest of your system, and then loads Mac OS X.

Why OS Updates Break WDE -- When a minor software update affects only the main operating system, it shouldn’t cause any problems for WDE products. The issue is usually seen with major updates, which may change how the operating system loads or interacts with the firmware that, among other things, enables the hardware of your computer to see storage devices and load the operating system code.

That’s the reason I no longer use PGP WDE, even though I had initially switched to it after my problems with FileVault. When Mac OS X 10.6 was released, PGP (which wasn’t yet owned by Symantec) warned all users that the product was not compatible with the changes in the operating system and the Mac firmware (EFI, the Extensible Firmware Interface [6]). Since I needed to write about 10.6, I had to upgrade, so I decrypted my system and removed PGP WDE. Around the same time I also bought a spiffy new Mac Pro, thus relegating my laptop to a secondary system. Since I wasn’t worried about backing it up, I switched back to FileVault. (PGP eventually provided Snow Leopard compatibility; see “PGP Whole Disk Encryption and PGP Desktop Professional 10.0 [7],” 14 May 2010.)

In their knowledgebase post [8], Symantec states that they tested PGP WDE with all development versions of Mac OS X 10.6.5 and there weren’t any problems, but that the shipping version of the update overwrote one of the changes PGP WDE makes to the boot.efi file used to load the operating system. This prevents loading of the pre-boot environment, and thus eliminates password entry.

Joe Kissell solved the problem by booting his laptop from an unencrypted external drive that also had PGP WDE installed, and then decrypting his main drive with that version of PGP. You might have such a setup if part of your backup plan includes a bootable duplicate, as most experts (including Joe) recommend.

Symantec’s solution is a bootable disk containing a version of PGP WDE designed specifically to recover from this problem. Instead of decrypting the drive and removing the security, when the password is entered, it accesses the drive and modifies the files needed to enable PGP WDE to work normally again.
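The following model is an added example, not part of the original article and not PGP WDE's code or on-disk format. It shows why a replaced boot loader locks you out without harming the data: the passphrase unwraps a disk key stored in a key record, and neither that record nor the encrypted sectors are touched when only the loader changes. The class and function names, the "preboot"/"stock" loader labels, and the HMAC-SHA256 keystream standing in for a real disk cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _stream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream); real products use a disk cipher such as AES.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _kek(passphrase, salt):
    # Passphrase -> key-encryption key; split into a wrapping key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

class ModelDisk:
    """Constructed model of a drive: boot loader + key record + encrypted sectors."""
    def __init__(self, passphrase, sectors):
        disk_key = os.urandom(32)                 # random key that encrypts the sectors
        self.salt = os.urandom(16)
        enc, mac = _kek(passphrase, self.salt)
        self.wrapped = _stream_xor(enc, b"wrap", disk_key)   # the "protected" key
        self.tag = hmac.new(mac, self.wrapped, hashlib.sha256).digest()
        self.sectors = [_stream_xor(disk_key, n.to_bytes(8, "big"), s)
                        for n, s in enumerate(sectors)]
        self.loader = "preboot"                   # loader that shows the passphrase prompt

    def unlock(self, passphrase):
        enc, mac = _kek(passphrase, self.salt)
        expected = hmac.new(mac, self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(self.tag, expected):
            raise PermissionError("wrong passphrase")
        return _stream_xor(enc, b"wrap", self.wrapped)

    def read(self, disk_key, n):
        return _stream_xor(disk_key, n.to_bytes(8, "big"), self.sectors[n])

def boot(disk, passphrase):
    if disk.loader != "preboot":
        # A stock loader never asks for the passphrase, so it cannot read the sectors.
        raise RuntimeError("no pre-boot prompt: encrypted volume is unreadable")
    return disk.read(disk.unlock(passphrase), 0)

def os_update(disk):
    disk.loader = "stock"     # only the loader is replaced; key record and sectors stay

def recover_from_external(disk, passphrase):
    # Recovery media brings its own unlock code, then restores the pre-boot loader.
    key = disk.unlock(passphrase)
    disk.loader = "preboot"
    return disk.read(key, 0)
```
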

If Symantec’s statement is true, this means Apple modified the release version of the update without giving developers the chance to evaluate the changes and update their products. Apple has done this in the past, which can lead to a variety of frustrating software issues. It’s one of the common criticisms from enterprise users who have to support hundreds or thousands of systems and, often, custom software. If the update was in the development pre-releases, then Symantec is at fault. Either way, this was a completely preventable problem.

Should You Encrypt Your Disk? -- I still highly recommend encryption for anyone worried about losing a laptop and thus exposing its information. A whole disk encryption product offers the best security, and easiest backups, but since this software isn’t provided by Apple, there is a greater chance of upgrade issues. You might also encrypt a desktop if you’re worried about theft.

FileVault is also very secure, and if you are comfortable with altering your backup strategy to account for its limitations, it has the added advantage of being free and completely supported by Apple. It also allows you to encrypt only your own files if you share a system with another user.

Either way, keeping current backups is absolutely essential, and I recommend having at least one good backup of important data (especially sentimental items like photos) that you can access even if your encryption breaks. A great option is to use a backup service like CrashPlan [9] that backs up your data to a remote drive or location, and encrypts it in an entirely different way (for more about CrashPlan, see “CrashPlan: Backups Revisited [10],” 26 February 2007 and “CrashPlan Adds Direct-to-Disk Backups [11],” 15 December 2008).