Pre-boot authentication

From Wikipedia, the free encyclopedia

Pre-Boot Authentication (PBA) or Power-On Authentication (POA)[1] serves as an extension of the BIOS or boot firmware and guarantees[citation needed] a secure, tamper-proof[citation needed] environment external to the operating system as a trusted authentication layer. The PBA prevents anything[citation needed], such as the operating system, from being read from the hard disk until the user has confirmed that they have the correct password or other credentials.[2]

Benefits of Pre-Boot Authentication

How Pre-Boot Authentication Works

Generic Boot Sequence

  1. Basic Input/Output System (BIOS)
  2. Master boot record (MBR) partition table
  3. Pre-boot authentication (PBA)
  4. Operating system (OS) boots

A PBA environment serves as an extension of the BIOS or boot firmware[citation needed] and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents[citation needed] Windows or any other operating system from loading until the user has confirmed that they have the correct password to unlock the computer. That trusted layer eliminates the possibility[citation needed] that one of the millions of lines of OS code can compromise the privacy of personal or company data[citation needed].

Pre-Boot Authentication Technologies

Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided[citation needed] by a variety of full disk encryption (FDE) vendors, but can be installed separately[citation needed]. Some FDE solutions, such as hardware-based full disk encryption, can function without Pre-Boot Authentication. However, without some form of authentication, encryption provides little protection[citation needed].
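The contrast drawn in the last two sentences, as an added example that is not part of the original article or any vendor's code: a disk header that stores the volume key in the clear next to one that stores only a copy wrapped under a key derived from the pre-boot password. The function names, header layout and iteration count are hypothetical, and the XOR mask with an HMAC tag is a standard-library stand-in for a real key-wrap cipher.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the volume key, last 32 authenticate the header.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)


def store_key_in_clear(volume_key: bytes) -> dict:
    # FDE without authentication: the key sits next to the data it protects.
    return {"volume_key": volume_key}


def boot_without_pba(header: dict) -> bytes:
    # Whoever holds the disk holds the key; no credential is involved.
    return header["volume_key"]


def seal_header(volume_key: bytes, password: str) -> dict:
    # FDE with PBA: only a password-wrapped copy of the key is stored.
    if len(volume_key) != 32:
        raise ValueError("this sketch wraps 32-byte volume keys only")
    salt = os.urandom(16)
    k = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, k[:32]))  # stand-in for key wrap
    tag = hmac.new(k[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def pre_boot_unlock(header: dict, password: str):
    # Runs before the OS loads; returns the volume key or None.
    k = _derive(password, header["salt"])
    expected = hmac.new(k[32:], header["salt"] + header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # wrong credential: the key is never recovered, boot stops
    return bytes(a ^ b for a, b in zip(header["wrapped"], k[:32]))
```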

Authentication Methods

The standard complement of authentication methods exists for Pre-Boot Authentication, including:

  1. Something you know (e.g. username / password)
  2. Something you have (e.g. smart card or other token)
  3. Something you are (e.g. biometric data)

References

  1. "Sophos brings enterprise-level encryption to the Mac". Network World. August 2, 2010. Retrieved 2010-08-03.
  2. "Pre-Boot Authentication". SECUDE. February 21, 2008. Archived from the original on 2012-03-04. Retrieved 2008-02-22.