|Check Point Disk Encryption (v3.3.0 bld 202) Problems w/updated 2011 MacBook Pros?|
(Update (May 24th) - FYI on Fix/Update to Checkpoint)
Hi Mike, A couple of weeks ago I reported that CheckPoint Full Disk Encryption (FDE) was "broken" by the MBP 2.1 EFI firmware update (May 6th post below) - Per below email, CheckPoint has issued a fix. (below email has a typo, updated compatible FDE version is actually 3.3.2, see attached pdf file p. 5).
Will follow up again once this new FDE version has been installed to confirm that all is well.
(copy of CP update comments he included follows)
CheckPoint has released a new version that will fix this issue. For Macs that have the Thunderbolt and Sandy Bridge chipsets, the compatible FDE version is 3.2.2. (actually 3.3.2) We are currently testing the newer version and will soon make it available for download."
(The original post on the problem from May 6th follows)
I don't use Checkpoint, nor own a 2011 Mac, but posting as a FYI and welcome any other feedback on this. I remember a previous major problem/incompatibility with an OS X update and some other encryption software (PGP?) in the last year, but can't recall the details now other than you had to turn off/decrypt the drive before updating until they had a fix.
"Hi Mike, This is the first time I've ever submitted to your site (which is excellent, by the way), and felt the need to because of a significant issue I've had with this update on my 2011 MBP 15" i7 2.0GHz (all stock). This is my work-supplied machine and, to maintain security, am required to run Check Point Endpoint Security Full Disk Encryption for Mac OS (version 3.3.0 build 202, specifically, was installed).
Yesterday I applied the MacBook Pro Software Update 1.4 with no problems. Immediately afterward, I applied the MacBook Pro EFI Update 2.1 which went smoothly and installed as Apple said it should. However, after my system rebooted, instead of getting the Check Point login screen as usual, I only got a blank white screen. Restarted and reset the PRAM, same white screen. Started up with the OS install disc, was able to see my hard drive and Check Point boot partitions, ran disk repair, repaired permissions, still no go with Check Point login screen after rebooting from internal HD. Called Check Point tech support and they said it was likely the Apple firmware update that messed with their software, and that my IT tech people could restore my machine by running the Check Point restore file that should have been generated when they installed it. Otherwise, I'd have to erase my drive and reinstall everything. My IT person knew nothing of this Check Point restore file (never created one during installation). So I had to restore my system from a current Time Machine backup and got everything back to normal (except no more Check Point functionality, of course).
Because I still need to have Check Point on my machine, this morning my IT person reinstalled it. Installation went ok, but after rebooting I got the blank white screen of death once again (remember, EFI Update 2.1 still remains on my MBP).
(BTW - I confirmed with him that the new firmware version was reported in ASP, to verify the update had not failed.-Mike)
Thus, this 2.1 update is not compatible with Check Point 3.3.0 and I've reported it to my company's Check Point point person, and have also asked that person to report it to Check Point for a fix. So if any of your readers are using Check Point with the latest MBPs, they may want to hold off on applying the 2.1 update until Check Point issues a fix.
To make matters worse, my IT person just told me they may have to shut me down from using my MBP because I'm breaking company policy by not using full disk encryption on my drive (Apple's FileVault is not good enough for them). This is my only computer; I don't use a desktop in addition to this MBP! What a pain! I did a quick search and couldn't find anything on rolling back the MBP firmware to the previous (Check Point compatible) version.
Good thing it's Friday because this has just killed my productivity since yesterday AM...
Will may already have done this, but I'd also contact apple support to both let them know of the problem and to see if they could provide you with a backflash until a fix is available. I doubt they'd send you a backflash app, but perhaps setup a local apple store tech to do it. (Apple had a Firmware Restoration CD download but that was only used for failed updates, not for reverting back.)
(Will later wrote he contacted apple support but no luck getting a backflash.)
If any other reader with a similar combo has any other suggestions (or better results) let me know. Thanks.
|Follow-up from 2011 MBP owner on DVI ext. Display issues (update solved):|
When I saw the 2011 MacBook Pro update notes Wed. night, I hoped it would solve Gene's problems with the single link adapter and Apple DVI displays. He confirmed it did, but wished it had came a little sooner...
"Mike, the latest update, MacBookProSoftwareUpdate1.4 (released Wed., along with EFI 2.1 update) fixed my video problem that was previously reported. (Report w/screenhot in Mar 31st, 2011 archives page) The cheaper $39 DVI adapter works once again with crystal quality on my 23" Apple monitor.
(I asked if he also applied the EFI 2.1 update)
I applied both updates.
Unfortunately, the update comes too late for me to return the more expensive ($99 list) Dual-Link DVI Adapter to the Apple store for any kind of credit.
(Post on dual-link adapter working in April 20th news)
Guess I'll just have to buy one of those 30" monitors now. :-)
Thanks for all your help, Gene"
While on the subject of that MBP software update, apple corrected the OS X build number in the update page to 10J4138. (When I posted the info late Wed. night, the page listed 10J4035.)