Pre-boot authentication

From Wikipedia, the free encyclopedia

This article needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (April 2008)

This article may require cleanup to meet Wikipedia's quality standards.
Please improve this article if you can. (April 2008)

Please help improve this article or section by expanding it.
Further information might be found on the talk page or at requests for expansion. (April 2008)

Pre-Boot Authentication (PBA) serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed he/she has the correct password or other credentials.^[1]

1 Misnomer
2 Combinations with Full Disk Encryption
3 Authentication Methods
4 References

[edit] Misnomer

Sometimes pre-Boot Authentication is a misnomer since a basic OS can be loaded prior to the main operating system in some implementations. Pre-boot authentication can take on a number of forms, it can be a start up (BIOS) password implemented on the Motherboard, or in on the boot volume itself. In the latter instance the boot sector of a hard drive is overwritten with a small executable which starts the decryption of the drive and hands off the credientals to Windows to continue booting. While, the Truecrypt^[2] is an full disk encryption system it is also pre-boot authentication since you need to enter a password for the drive to boot.

[edit] Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided by a variety of full disk encryption vendors, but can be installed separately. Some FDE solutions can function without Pre-Boot Authentication, such as hardware-based full disk encryption. However, without some form of authentication, encryption provides little protection.