Pre-boot authentication
Pre-Boot Authentication (PBA) or Power-On Authentication (POA) serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk, such as the operating system, until the user has confirmed he/she has the correct password or other credentials.

Benefits of Pre-Boot Authentication

  • Full disk encryption outside of the operating system level
  • Encryption of temporary files
  • Data-at-rest protection

Generic Boot Sequence

  1. Basic Input/Output System (BIOS)
  2. Master boot record (MBR) partition table
  3. Pre-boot authentication (PBA)
  4. Operating system (OS) boots


A PBA environment serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents Windows or any other operating system from loading until the user has confirmed he/she has the correct password to unlock the door. That trusted layer eliminates the possibility that one of the millions of lines of OS code can compromise the privacy of personal or company data.

Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided by a variety of full disk encryption vendors, but can be installed separately. Some FDE solutions can function without Pre-Boot Authentication, such as hardware-based full disk encryption. However, without some form of authentication, encryption provides little protection.
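The dependency between authentication and encryption can be sketched in code. This is an added example, not part of the original article or any vendor's implementation: it assumes a design in which the disk's volume key is stored wrapped under a key derived from the user's password, so the key is released only after the credential verifies. The names `enroll`, `unlock` and `ITERATIONS` are hypothetical, and the XOR pad is a stand-in for a real key-wrap cipher such as AES Key Wrap.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # constructed work factor for this example


def _kek(passphrase: str, salt: bytes) -> bytes:
    """Derive the key-encryption key (KEK) from the user's credential."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)


def _pad(kek: bytes) -> bytes:
    # Stand-in for a real key-wrap cipher: a single 32-byte pad derived from the KEK.
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()


def _tag(kek: bytes, wrapped: bytes) -> bytes:
    # Lets the pre-boot code check the credential before releasing anything.
    return hmac.new(kek, b"verify" + wrapped, hashlib.sha256).digest()


def enroll(passphrase: str, volume_key: bytes) -> dict:
    """Build the header kept in the unencrypted pre-boot area (assumed layout)."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)
    kek = _kek(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, _pad(kek)))
    return {"salt": salt, "wrapped": wrapped, "tag": _tag(kek, wrapped)}


def unlock(passphrase: str, header: dict) -> Optional[bytes]:
    """Return the volume key only if the credential verifies, else None."""
    kek = _kek(passphrase, header["salt"])
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(_tag(kek, header["wrapped"]), header["tag"]):
        return None  # wrong credential or altered header: nothing is released
    return bytes(a ^ b for a, b in zip(header["wrapped"], _pad(kek)))


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample volume key
    hdr = enroll("correct horse battery staple", key)
    print(unlock("correct horse battery staple", hdr) == key)  # credential accepted
    print(unlock("guess", hdr))  # credential rejected
```

The header never contains the volume key in the clear, which is why a drive whose key is released without any credential check gains little from being encrypted.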

Authentication Methods

The standard complement of authentication methods exists for Pre-Boot Authentication, including:
  1. Something you know (e.g. username / password)
  2. Something you have (e.g. smart card or other token)
  3. Something you are (e.g. biometric data)
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 