Pre-Boot Authentication

The Pre-Boot Authentication ( German as: pre-boot authentication process ) is a software component from the Sicherheits-/Verschlüsselungssoftware-Branche.

The application on a terminal is in the PBA immediately after the BIOS loading done ( but before the operating system boot).

Disambiguation

As a Pre-Boot Authentication (abbreviated PBA ) was originally a security component of the encryption software SafeGuard Easy Company Utimaco (now Sophos ) refers. This name was also adopted by other manufacturers of similar software. The application on a terminal is in the PBA immediately after the BIOS loading done ( but before the operating system boot).

The code that is needed to run the PBA, is located in the so-called Master Boot Record (MBR ) or the MBR points to this code.

By unlocking the PBA (password, certificate, etc. ) the access is to the components necessary for boot given (similar drivers for SCSI RAID, etc. ) using a filter driver.

The user can be password with digital certificates that lying down on smart cards or USB sticks, alternatively authenticated. In addition to these mechanisms, the mandatory sector-based disk encryption for a higher level of confidentiality provides.

Unauthorized third parties have no access to the operating system, the hard drive is moved to a different system, this is unreadable without the appropriate PBA software.

Function

This component is, however, displayed after loading the BIOS before booting the operating system. In the PBA credentials are retrieved that are required to access the encrypted file system.

Products with Pre-Boot Authentication

  • BitLocker of Microsoft (Windows)
  • DiskCryptor, Open Source (Windows)
  • DriveCrypt Plus Pack SecurStar (Windows)
  • Endpoint Encryption McAfee (Windows, Mac OS X)
  • FileVault Apple (Mac OS X)
  • FinallySecure Enterprise of Secude (Windows)
  • Free CompuSec of CE - Infosys ( Windows)
  • Full Disk Encryption Check Point (Windows, Mac OS X and Linux)
  • PGP Whole Disk Encryption from Symantec ( Windows, Mac OS X and Linux)
  • Protect Drive SafeNet (Windows)
  • SafeGuard Sophos (Windows)
  • SecureDoc of Winmagic (Windows, Mac OS X and Linux)
  • TrueCrypt, Open Source (Windows, Mac OS X and Linux)
  • OmniPass from Softex Incorporated ( Windows)
  • Becrypt / possible cooperation with SafeNet token

Alternatives

In addition to the pre-boot authentication, the operating system can automatically start a decryption program after system startup. In this variant, but only files can be encrypted, which are not necessary to the actual startup.

Examples of such solutions are cryptsetup and LUKS under Linux.

BitLocker Drive Encryption dm-crypt
355512
de