Pre-boot authentication

from Wikipedia, the free encyclopedia

Pre-boot authentication (PBA; roughly: authentication before startup) is a software component from the security and encryption software industry.

With PBA, the login to a device takes place immediately after the BIOS has loaded, but before the operating system starts.

Disambiguation

Pre-Boot Authentication (PBA for short) was originally the name of a security component of the SafeGuard Easy encryption software from Utimaco (now Sophos). The name has since been adopted by other manufacturers of similar software.

The code required to run the PBA is located in the Master Boot Record (MBR), or the MBR refers to this code.

Once the PBA has been unlocked (with a password, certificate, etc.), a filter driver (similar to the drivers for SCSI RAIDs and the like) provides access to the components needed for system startup.

As an alternative to the password, the user can also be authenticated with digital certificates on smart cards or USB sticks. In addition to these mechanisms, the mandatory sector-based hard disk encryption ensures a higher level of confidentiality.

Unauthorized third parties have no access to the operating system; if the hard disk is installed in another system, it is unreadable without the corresponding PBA software.

Function

This component is displayed after the BIOS has loaded, but before the operating system starts. The PBA prompts for the access credentials needed to access the encrypted file system.

Products with pre-boot authentication

  • BitLocker from Microsoft (Windows)
  • CryptoPro Secure Disk for BitLocker from CPSD (Windows)
  • CryptoPro Secure Disk Enterprise from CPSD (Windows)
  • DiskCryptor, Open Source (Windows)
  • DriveCrypt Plus Pack from SecurStar (Windows)
  • McAfee Endpoint Encryption (Windows, Mac OS X)
  • FileVault from Apple (Mac OS X)
  • Full Disk Encryption (FDE) from EgoSecure GmbH (Windows)
  • Free CompuSec from CE-Infosys (Windows)
  • Full Disk Encryption from Check Point (Windows, Mac OS X and Linux)
  • PGP Whole Disk Encryption from Symantec (Windows, Mac OS X and Linux)
  • SafeNet ProtectDrive (Windows)
  • SafeGuard Easy from Sophos (Windows)
  • SecureDoc from Winmagic (Windows, Mac OS X and Linux)
  • TrueCrypt, Open Source (Windows, Mac OS X and Linux) (project discontinued May 2015)
  • VeraCrypt from IDRIX (Windows, Mac OS X, Linux, Raspbian) (based on TrueCrypt 7.1a)
  • OmniPass from Softex Incorporated (Windows)
  • becrypt / possible cooperation with SafeNet Token
  • DriveLock from CenterTools Software SE (Windows)

Alternatives

As an alternative to pre-boot authentication, the operating system can automatically start a decryption program after the system has booted. With this variant, however, only files that are not needed for the actual system start can be encrypted.

Examples of such solutions are cryptsetup and LUKS under Linux.