
Encrypting the Disk

Before you encrypt your disk, be sure to back it up so that you won’t lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk.

You can only encrypt, decrypt, or re-encrypt one disk or partition at a time. Once you begin an operation on a disk or partition, you cannot start encrypting another one until the process is complete on the first. You cannot circumvent this by pausing the first operation.

Caution: While your disk is encrypting, do not accept any operating system updates if they are offered. If the update occurs automatically, do not restart your computer until the encryption process has completed.

To protect a disk or partition using Symantec Drive Encryption

1 Open Symantec Encryption Desktop and click on the PGP Disk Control box. The PGP Disk Control box highlights.

136 Protecting Disks with Symantec Drive Encryption Encrypting a Disk or Partition

2 Click Encrypt Whole Disk. The Encrypt Whole Disk (Partition) work area displays, and you see a listing of the disks on your system that can be protected by Symantec Drive Encryption: disks, disk partitions, removable media, and so on.

3 In the Encrypt Whole Disk (Partition) work area, in the Select disk or partition to encrypt section at the top, click to select the disk or partition on your computer that you want to protect using Symantec Drive Encryption.

4 Choose the Encryption Options that you want to use, if any. For more information about your choices, see Using Symantec Drive Encryption Options (on page 133).

5 In the User Access section, specify how you want to access your protected disk or partition:

• Token-based Public Key User. If you are protecting a fixed (non-removable) disk on your system.

  • Type the user name or email address associated with the key, then press Enter to find the key. You can also select Add User Key. A list of the keypairs on your keyring is displayed. From the key source box, select the public key or keys that you want to use. Click Add to move the keys to the Keys to add field and then click OK. Click Encrypt.

• Passphrase User. If you want to protect your disk or partition with a passphrase, select New Passphrase User. The PGP Disk Assistant: Whole Disk Encryption - New User dialog box is displayed.

  • To unlock your encrypted disk using your Windows Account Logon, select Use Windows Password then click Next. In the PGP Disk Assistant: Two Factor Authentication dialog box, select Proceed with Passphrase Authentication only and click Next. In the PGP Disk Assistant: Windows Account Logon dialog box, type your Windows user name, domain, and password, and click Next. Click Finish.

If you choose the Use Windows Password option, after initial encryption, use your Windows password when the PGP BootGuard screen is displayed at the start of booting. The PGP Single Sign-On (SSO) feature logs into Windows for you—you only need to type your passphrase once. (This is the Single Sign-On feature. For more information, see Using Symantec Drive Encryption Single Sign-On (on page 144).)

  • To unlock your encrypted disk or partition using a new passphrase, select Create New Passphrase, then click Next. In the PGP Disk Assistant: Two Factor Authentication dialog box, select Proceed with Passphrase Authentication only and click Next. In the PGP Disk Assistant: Create Username and Passphrase dialog box, type the name of the new user and the passphrase you want associated with the user. Type the passphrase again in the Confirm field and click Next. Click Finish.

  • To unlock your encrypted disk or partition using two-factor authentication with a passphrase and TPM, select Create New Passphrase, then click Next. In the PGP Disk Assistant: Two Factor Authentication dialog box, select Trusted Platform Module, and click Next. In the PGP Disk Assistant: Create Username and Passphrase dialog box, type the name of the new user and the passphrase you want associated with the user. Type the passphrase again in the Confirm


Normally, as an added level of security, the characters you type for the passphrase are not visible on the screen. However, if you are sure that no one is watching (either physically over your shoulder or scanning for the radio waves emitted by your monitor) and you would like to see the characters of your passphrase as you type, select the Show Keystrokes checkbox. See The Passphrase Quality Bar (on page 266).

Caution: It is strongly recommended that you use a supported keyboard layout when you are creating a passphrase for your disk or partition protected with Symantec Drive Encryption (for more information, see Supported Keyboards (on page 122)). The Whole Disk Encryption log-in screen assumes you are using one of these keyboard layouts when you type your passphrase to authenticate. Using a different keyboard layout could result in problems authenticating. For more information, see Authenticating at the PGP BootGuard Screen (on page 138).

6 Confirm that you have the user access arrangement that you want, then click Encrypt.

7 Read the information in the dialog box, and then click OK.

8 To see how much of the disk has been encrypted, refer to the Encryption Progress bar.

9 To stop the encryption process temporarily, click Stop, then click Pause in the dialog box that is displayed. To resume, click Resume. You may be prompted for the appropriate passphrase.

Note: If the encryption process stops and Symantec Encryption Desktop indicates a disk read/write error, it means that Symantec Encryption Desktop has encountered bad sectors on your disk or partition during the encryption process. You can continue encryption or abort the process and fix the errors. See