Pre-boot authentication

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 76.103.213.6 (talk) at 06:01, 9 March 2013 (References: del Category:Computer security --- ...access control is already a subcat). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Pre-Boot Authentication (PBA), also called Power-On Authentication (POA),[1] serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system, acting as a trusted authentication layer. The PBA prevents anything from being read from the hard disk, including the operating system, until the user has confirmed that they have the correct password or other credentials.[2]

Benefits of Pre-Boot Authentication

How Pre-Boot Authentication Works

Generic Boot Sequence

  1. Basic Input/Output System (BIOS)
  2. Master boot record (MBR) partition table
  3. Pre-boot authentication (PBA)
  4. Operating system (OS) boots

A PBA environment serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system, acting as a trusted authentication layer. The PBA prevents Windows or any other operating system from loading until the user has confirmed that they have the correct password to unlock the computer. That trusted layer eliminates the possibility that one of the millions of lines of OS code can compromise the privacy of personal or company data.

Pre-Boot Authentication Technologies

Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided by a variety of full disk encryption (FDE) vendors, but can be installed separately. Some FDE solutions, such as hardware-based full disk encryption, can function without Pre-Boot Authentication. However, without some form of authentication, encryption provides little protection.
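As an added illustration (not part of the article or any vendor's product), the sketch below shows why full disk encryption depends on the pre-boot credential: the disk key is stored only in wrapped form, and the pre-boot step releases it only when the passphrase verifies. The function names, the header layout, the iteration count and the XOR-plus-HMAC wrap (a standard-library stand-in for a real key-wrap algorithm) are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this sketch


def _derive(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the pre-boot passphrase into a 32-byte wrapping pad and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def enroll(passphrase: str, disk_key: bytes) -> dict:
    """Build the header kept in the unencrypted pre-boot area of the disk."""
    if len(disk_key) != 32:
        raise ValueError("disk key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per enrollment, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(disk_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def pre_boot_unlock(passphrase: str, header: dict) -> Optional[bytes]:
    """Return the disk key only if the credential verifies; otherwise None."""
    pad, mac_key = _derive(passphrase, header["salt"])
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # boot stops here; the OS partition stays ciphertext
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


if __name__ == "__main__":
    disk_key = os.urandom(32)  # constructed sample volume key
    header = enroll("correct horse battery", disk_key)
    print("wrong passphrase unlocks:", pre_boot_unlock("guess", header) is not None)
    print("right passphrase unlocks:",
          pre_boot_unlock("correct horse battery", header) == disk_key)
```

If the disk key were stored unwrapped, or released without this check, anyone holding the drive could decrypt it, which is the sense in which encryption without authentication provides little protection.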

Authentication Methods

The standard complement of authentication methods exists for Pre-Boot Authentication, including:

  1. Something you know (e.g. username / password)
  2. Something you have (e.g. smart card or other token)
  3. Something you are (e.g. biometric data)

References

  1. "Sophos brings enterprise-level encryption to the Mac". Network World. August 2, 2010. Retrieved 2010-08-03.
  2. "Pre-Boot Authentication". SECUDE. February 21, 2008. Retrieved 2008-02-22.