Re: URGENT: T420s BIOS v1.29 and PGP Whole Disk Encryption

someotherguy · ‎10-29-2009

http://support.lenovo.com/en_US/downloads/detail.page?LegacyDocID=MIGR-77150

scroll to the bottom of the page, all of the previous BIOS releases for X220 are linked there.

In the future, you can find this info yourself from the driver matrix at support.lenovo.com

You've opened a case with Symantec about this, right?

Steve_Renaud · ‎10-20-2011

Why would PGP need to fix what Lenovo broke? I have T420 and X220 laptops that haven't done the BIOS updates and PGP works fine. It is something you the latest BIOS update that is breaking it. Neither Symantec nor I know what code level changes Lenovo made to the BIOS so I don't see how Symantec will be able to fix the issue. I saw in a earlier post that Lenovo engineers were aware of the problem and working on it. Is there an ETA on the fix? As a coporation we have to have PGP for SOX compliances, so not using PGP or similiar product is not an option.

someotherguy · ‎10-29-2009

We have no idea why PGP has any dependency on BIOS. Typically what we have seen with the encryption vendors in the past, is that they sometimes rely on undocumented BIOS interfaces that they shouldn't be using. And BIOS can change these interfaces at any time, which can cause software to break like this. Many times it's the software that ends up needing to be fixed, not the BIOS. We will definitely investigate, but just FYI as to what we have seen in the past. And I think the case needs to be opened at Symantec as well. Or you can just continue using a BIOS version that is known to work.

someotherguy · ‎10-29-2009

Does this describe the problem? http://kb.mit.edu/confluence/display/istcontrib/Boot+error+with+PGP+and+certain+laptops+running+Wind...

"NOTE: Symantec released a service pack (PGP Desktop version 10.1.2 SP2) with the fix for this issue that customers can install on their new hardware."

Have you tried that service pack?

EDIT: also look here: http://www.symantec.com/business/support/index?page=content&id=TECH149189

I think the very first issue describes your problem?

"Resolved an issue that prevented users from accessing the PGP BootGuard screen to authenticate Windows systems. [28338]"

someotherguy · ‎10-29-2009

Here's another symantec article that suggests 10.2 is needed to fix the problem:

http://www.symantec.com/business/support/index?page=content&id=TECH160346

Again, anyone having this issue needs to open a case with Symantec about it.

Steve_Renaud · ‎10-20-2011

Yes, thank you. I've contact PGP and we are working on a solution and will verify if this fixes the issue.

someotherguy · ‎10-29-2009

Please share what you find out from Symantec/PGP. There are several customers reporting this issue. Thanks.

Mark_Lenovo · ‎11-19-2007

Steve,

Thanks for the feedback and keeping the community up to date. Much appreciated!

Best,

Mark

____________________________________________

ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
www.twitter.com/lenovoforums
www.facebook.com/lenovo

English English Community Deutsche Community Comunidad en Español

Steve_Renaud · ‎10-20-2011

Ok... so here is an update. The issue is that if your PGP client is 9.X something then the latest BIOS update from Lenovo will break PGP everytime. You can download the ISO for the 10.2 recovery disc and boot off of that to get into windows. You just need to download a older BIOS update and "Update" your BIOS to the older version.

For X220 I belive it is version 1.19, for the T420 it should be version 1.30. I haven't tested the T420 BIOS, but I have tested and verified the X220 version works.

The permanat fix is to upgrade your PGP servers to the latest version, I believe it is version 10.2, and then update the client software on all the PCs using PGP.

Steve_Renaud · ‎10-20-2011

Just confirmed that BIOS version 1.30 for the Lenovo T420 does work on PGP version 9.X