Pre-Boot Authentication (PBA) is a software that is used in the context of Self-Encrypting Drives (SEDs) - it unlocks the drive and makes it usable for the user.
TrustedPBA is a new PBA that is based on TamaGo and is executed as a EFI application. We wanted the simplicity of Golang combined with the benefits of the running the PBA in UEFI directly. TrustedPBA provides you with these benefits and is highly customizable:
- Different methods to unlock the drive - TPM PCR-based, TPM NVRAM-based, Password Input and many others
- Boot Policy Configuration
TrustedPBA enables the user to chainload every operating system which includes Windows which is a common limitation of 'classical' busybox PBAs.
Classic "behind the curtain'-looker.
I am a firmware and embedded systems engineer with experience in safety‑critical operating systems, high‑security platform design, and host firmware development for modern hardware platforms. I have spent the past decade working on microkernel‑ and Linux‑based systems for defense and high‑assurance environments, focusing on partitioning, isolation, and robust system architectures that meet safety and security certification requirements.
Most recently, I have led open‑source firmware efforts at 9elements, driving host firmware projects around coreboot, EDK2 (UEFI), and secure storage. Contributing to the development of secure and transparent firmware solutions for servers and security‑sensitive platforms.