Advanced PBA Features
This section details the advanced features in the PBA: the log viewer and the advanced configuration options. Both of the following PBA features can be permanently disabled via the Pre-Boot tab of the PBA Administration module in the Matrix42 Full Disk Encryption Control Center. For more details, see PBA Administration.
Log viewer
This section details the log viewer functionality in the PBA. The log viewer is a diagnostics tool that helps administrators locate problems with the PBA, for example, whether a supported smart card reader has been successfully recognized by the Linux kernel, or whether the boot process has been successful. This information may be needed by the local administrator or by HelpDesk personnel in an emergency.
- To open the log viewer, press the Ctrl+F12 key while still in the PBA logon dialog.
- The Administration password dialog appears:
- Enter the credentials and click OK.
- The PBA dialog appears. The tabs represent the Linux functionality used by the PBA component.
The tabs display the following information:
Tab | Details |
---|---|
PBA-Log | This is the only tab that is purely for Matrix42 Full Disk Encryption. It details the log messages generated by the PBA application, from loading the PKCS#11 modules to initializing the card reader. |
Kernel-Messages | Linux core boot messages relevant to Matrix42 Full Disk Encryption. |
lspci | An enumeration of all devices connected to the PCI bus. |
lsusb | An enumeration of all devices connected to the USB bus. |
lspcmcia | An enumeration of all devices connected to the PCMCIA bus. |
lsmod | All currently loaded kernel modules. |
The buttons have the following functionality:
Function | Details |
---|---|
Refresh | Use this function to update the input to the log viewer. This is useful to see if a new smart card or reader has been recognized by the PBA. |
Save log | Use this function to save the log messages to a file. These files can only be saved to a USB mass storage device. Press Ctrl+F1 while still in the PBA logon dialog without providing the administrator password. Only the FAT32 file system is supported. |
Clear log | Use this function to clear the dialog of all log input up to that point in time. This is useful if you want to view new log messages. |
Close | Close the log viewer dialog. |
Advanced PBA configuration options
This section details the advanced configuration options in the PBA. This feature lets you alter a few specific settings to help speed up the PBA loading time and/or secure the PBA further.
PBA damage risk. These options can damage the PBA if set incorrectly! If you have not already done so, it is recommended to contact your administrator or Matrix42 support before setting any options.
- To open the advanced options, press the Ctrl+F11 key while still in the PBA logon dialog.
- The Administration password dialog appears:
- Enter the Matrix42 Full Disk Encryption administration password and click OK.
- The Advanced PBA Configuration dialog appears:
The tabs display the following information:
Tab | Details |
---|---|
General | This option is usually of no interest but may be of use on specific notebooks to overcome some issues during soft-booting to Windows: Check this option if you are having problems with some USB smart card readers. This option stops the USB 2.0 drivers being loaded into the Linux PBA. |
PKCS#11 Modules | Click this tab if you want to change the order in which the smart card provider modules (PKCS#11 modules) are scanned during smart card auto-detection. Select a provider you want scanned first from the list and click Up until the entry is at the top of the list. |
Keyboard Layouts | Click this tab if you want to change the keyboard layout used for PBA authentication. The current keyboard layout is displayed above the list. Once a layout has been selected from the list (and Apply is clicked) you can test the new layout in this dialog. |
The remaining options/buttons have the following functionality:
Function | Details |
---|---|
Save options permanently to disk | Check this option before clicking Apply or OK to permanently save any changes you make to the PBA. If you do not check this option, any changes you make will apply only to this session. |
Cancel | Click Cancel to return to the PBA logon dialog. |
Apply | Click Apply to confirm any changes, but remain in the Advanced PBA Configuration dialog. |
OK | Click OK to confirm any changes and return to the PBA logon dialog. |
Changing keyboard layout
This feature enables a user to change the keyboard layout while still in the PBA – without the need for authentication.
- To open the keyboard layout dialog, press the Ctrl+F9 key while still in the PBA logon dialog.
- The Keyboard layouts dialog appears:
The following options are available:
Option | Details |
---|---|
Keyboard layouts | Check this option before clicking Apply or OK to permanently save any changes you make to the PBA. If you do not check this option, any changes you make will apply only to this session. |
Test [field] | Click Cancel to return to the PBA logon dialog. |
Save options permanently to disk | Check this option before clicking Apply or OK to permanently save any changes you make to the PBA. If you do not check this option, any changes you make will apply only to this session. |
Cancel | Click Cancel to return to the PBA logon dialog. |
Apply | Click Apply to confirm any changes but remain in the Advanced PBA Configuration dialog. |
OK | Click OK to confirm any changes and return to the PBA logon dialog. |
Operating system boot selection
This section details how to select the operating system to boot via the PBA. This feature enables a user to boot the operating system (on a selected partition) while still in the PBA – without the need for authentication.
- Perform the steps described in chapter 4 “The Integrated Boot Manager”.
- To open the Operating System Boot Selection dialog, press the F8 key while still in the PBA logon dialog.
- The Operating System Boot Selection dialog appears:
- Select the operating system on the specific partition to boot and click OK.
PBA user management
This section details how to perform User Management via the PBA. An admin user can add a new user, and promote or delete existing PBA users. A new user will be captured during his/her logon to the computer as a registered user. Only users who have User Admin rights will be able to perform User Management.
- To perform User Management, press the F7 key while still in the PBA logon dialog.
- A confirmation message to perform User Management appears after authentication:
- Click Yes to perform User Management, or No to exit the dialog.
- The PBA logon dialog re-appears.
- Enter your Windows credentials (username, password, and domain) to login.
- After successful login, the User Management dialog appears. The Registered Users tab lists all the existing users in the PBA access control list.
- Select a user and click Promote. The selected user will be promoted to User Admin in the PBA access list.
- If you want to delete the current logged-in user, click Delete in the PBA access control list.
- Click Yes.
- The following message appears:
- Click OK.
- Select the Enable self-initialization and register the next user to logon option so that the next user who logs on to the computer is captured and self-initialized as a valid user.
- On selecting this option, the other two options get enabled.
- Select the Perform user registration with a Smart Card option to register the captured user with Smart Card authentication.
- Select the Grant User Admin privileges to the next user registered option to register the captured user with User Admin privileges.
- Click OK to save.
- If a normal PBA user tries to perform User Management, the following message appears.
- Click Continue to proceed with the logon process. The User Management dialog will not appear after successful logon.