Extensible pre-boot authentication
Abstract
In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a full disk encryption disk in a pre-boot environment, executing the PBA using a chipset to obtain user credential information, authorizing the user based on the user credential information and stored credential information, and storing the user credential information in a PBA metadata region of the disk. Other embodiments are described and claimed.
20 Claims
1. A method comprising:
- obtaining a pre-boot authentication (PBA) image from a non-volatile storage in a pre-boot environment, wherein the non-volatile storage is configured with full disk encryption (FDE);
- executing the PBA using an engine of a chipset to obtain user credential information from a user; and
- controlling access to a PBA metadata region of the non-volatile storage using the engine based on the user credential information and stored credential information, and storing the user credential information in the PBA metadata region.
Dependent claims: 2, 3, 4, 5, 6, 7

8. An article comprising a machine-accessible storage medium including instructions that when executed cause a system to:
- receive a request from a pre-boot authentication (PBA) agent in a pre-boot environment of the system to store a PBA context into a PBA region of a non-volatile storage, wherein the PBA region is unencrypted and is hidden from view of non-PBA agents; and
- write the PBA context to the PBA region using security firmware of a chipset coupled to the non-volatile storage.
Dependent claims: 9, 10, 11, 12

13. A system comprising:
- a processor;
- a chipset coupled to the processor and including a first engine to execute a pre-boot authorization module (PBAM); and
- a mass storage coupled to the chipset, the mass storage configured for full disk encryption, wherein the mass storage has an encrypted region and a hidden region to store metadata for the PBAM, wherein the first engine is to access the hidden region to authorize a user during the execution of the PBAM in a pre-boot environment and to store pre-boot authentication (PBA) context in the hidden region.
Dependent claims: 14, 15, 16, 17, 18, 19, 20