It is advantageous to provide boot-time user authentication on a system where all sectors on the hard drive have been encrypted. This can be used in conjunction with a “whole disk” encryption system, which prevents access to data stored on the disk without proper authorization. Since the disk itself is encrypted, the operating system (OS) cannot be booted for the authentication.
In the prior art, such pre-OS authentication has been done in as an 8-bit or 16-bit mini-OS. For example, the mini-OS that has been used in the past was DOS (disk operating system). Loading boot code is the first step in loading the mini-OS. The information stored in the boot code gives the computer instructions about starting the OS, First the Master Boot Record (MBR) and the extended partition table are read, which specifies where the boot sector is located, which is then read, starting the OS to load. This process is called loading boot code.
This environment (using 8-bit or 16-bit mini-OSes) is no longer adequate as new authentication technologies, such as biometrics and Smart Cards, are being developed that only work in newer, more advanced operating systems, such as Windows 95, Windows XP or Linux, which are generally 32-bits at this point, and will likely become 64-bit, and beyond in the future. Using such a mini-OS in conjunction with the new authentication technologies requires the construction of complicated drivers that permit the use of the technologies with the abbreviated mini-OS. This requires extensive programming, as well as introducing a delay between when a new, or updated operating system or security technology becomes available, and when the whole disk encryption method becomes available.