Pre-Boot Authentication (PBA) is an extension to the firmware/BIOS that prevents users from accessing the Protected Operating System (POS) without authentication. It thus extends the root of trust from hardware to firmware, then to the PBA, and finally to the POS. It ensures that the Operating System is not exposed to threats from the external environment. The PBA can be supported using either a Self-Encrypting Drive (SED) or a regular Hard Disk Drive (HDD). The data on these disks is encrypted, which achieves Data-At-Rest (DAR) protection.

The PBA can be built over the FIPS platform and can support the Common Criteria standards for the Authorization Acquisition (AA) and Encryption Engine (EE) collaborative Protection Profiles (cPPs). These standards allow such a PBA to be used in military-grade equipment. Another variation of PBA uses a token to boot the PBA; it is also called Headless PBA and is intended for unattended applications. Since this product is mostly used in military equipment, it is mandatory to support Cryptographic Erase and Block Erase of the disks, so that if the equipment falls into the hands of an enemy, even a forensic analysis will not be able to recover data from those disks. For more details, visit the Common Criteria Portal and look for collaborative Protection Profiles (cPP) and Data Protection profiles.

At Network Marvels, we have built PBA for multiple customers. We specialize in using the SED features for locking, unlocking, login, deactivate, reactivate, uninstall, revert and cryptographic erase. For HDD, we have experience in supporting Full Disk Encryption (FDE) on UNIX and Windows Operating Systems. This also involves device driver development on these operating systems for encryption and decryption of block storage. These products also support enrollment of AD users, Azure Active Directory (Azure AD) and SSO using credential providers. We are also well-versed in the Common Criteria standards for the AA and EE profiles and have helped our customers gain these certifications. We have expertise in developing cryptographic mechanisms with a focus on platforms, FIPS mode, crypto libraries, algorithms, key sizes, ACVP testing, etc. For more details, request a detailed case study from info@networkmarvels.com with this topic as the subject of your email.