When attempting to authenticate the Symantec Encryption Desktop BootGuard/Pre Boot screen with UEFI systems, an "incorrect passphrase" error appears.

Having no shift-key functionality affects the ability to enter special characters during the Pre Boot authentication screen using UEFI BIOS mode if non-US keyboard layout is selected.

Note: For information on how to resolve this issue on Symantec Encryption Desktop 10.4.x, see the following article:

164994 - On certain Dell computers running Symantec Encryption Desktop 10.4.x, the Shift key does not work at PGP BootGuard

Systems affected:
Dell Latitude E5570/E5470/E7440/E7450/E7470

The SHIFT key is not capitalizing the letters on input, therefore all characters in password field appear in lower case (special characters appear as numbers).

Dell systems use a BIOS typically developed by American Megatrends, Inc. (AMI).  There have been some improvements included in SEE 11.1.3 which allow using the shift-key in non-US keyboard layout in these AMI BIOS environments.  Symantec Encryption software does not contain these improvements for the older implementations of UEFI BIOS environments.  In order to take advantage of these fixes, UEFI BIOS will need to be used and be updated. 

SEE 11.1.3 provides a newer implementation of BIOS functionality to work with the AMI BIOS implementations (with UEFI) that may cause the shift key to fail on non-US keyboards or potentially cause missing keystrokes or loss of keyboard functionality.  There may be some possible issues for systems using an older implementation of UEFI BIOS.  In the unlikely event that this older AMI BIOS implementation of UEFI within the SEE 11.1.3 causes issues, the USB keyboards may become nonfunctional.  The following workarounds exists:

Workaround Scenario 1:
1. Upgrade to the latest UEFI BIOS available from the hardware vendor using AMI BIOS.

Workaround Scenario 2:
If the upgrade of the AMI BIOS does not address this problem, reverting to the older implementation of SEE 11 is possible to restore USB keyboard functionality within the software.  In order to revert the BIOS implementation within Symantec Endpoint Encryption 11.1.3, follow the below steps:

Temporary workaround:
a. Keep the down arrow key ↓ pressed while booting. This will set the flag to use the old AMI BIOS implementation temporarily for that boot/session only.

Permanent workaround:
b. To permanently use the older implementation of SEE 11.1.3 on UEFI systems, use the following command to switch to use AMI API's either from a customized Windows PE CD or UFD or using command line after booting into windows with option (a):

eedAdminCli --bootprop-set --name AMIKBAPI --val 1 --au   --ap  

NOTE: The fix for this issue currently exists for SEE 11.1.3. 

Symantec Encryption Desktop 10.4.1 MP1 includes a fix to address this problem, please see the following article:
164994 - On certain Dell computers running Symantec Encryption Desktop 10.4.x, the Shift key does not work at PGP BootGuard

Workaround Scenario 3:
The following is a temporary workaround when the Shift key cannot be used to authenticate Pre Boot without applying any software updates to either BIOS, or Symantec Encryption software:

• Authentication in BootGuard with Whole Disk Recover Token (WDRT)
• Authentication in BootGuard using Caps Lock button for upper case letters
• Authentication in BootGuard using pgp-user account with password that do not require special characters and or upper-case letters
• Authentication in Symantec Encryption Desktop when hard drive of affected machine is slaved to another PC with Symantec Encryption Desktop

Etracks: 4049963, 3923363, 3539056
EPG-25371, EPG-26998, EPG-26835

153623 - Changing Keyboard Layout for  PGP Encryption Desktop Preboot Display and Keyboard Input Language with Troubleshooting

174651 - Changing Keyboard Layout for  Symantec Endpoint Encryption Preboot Display and Keyboard Input Language with Troubleshooting

164994 - On certain Dell computers running Symantec Encryption Desktop 10.4.x, the Shift key does not work at PGP BootGuard