A.5 DMI Settings

After pre-boot authentication occurs, the BIOS settings must be correctly set for Windows. With older or unusual hardware configurations, the standard ZENworks PBA boot method and Linux kernel configuration used to provide the BIOS settings might not work, resulting in hardware that does not function correctly or is not recognized by Windows.

This page provides support for older or unusual hardware configurations. These configurations might include the following:

  • Hardware that does not function correctly or is no longer recognized under Windows after successful pre-boot authentication. This failure occurs because not all of the BIOS settings can be correctly handled and set for Windows.

  • New hardware that is not yet natively supported.

  • Poorly programmed BIOS implementations.

Some devices might not support the boot methods or Linux kernel configurations used to provide hardware compatibility.

A.5.1 About Hardware Compatibility

When you have pre-boot authentication configured in a deployed Disk Encryption Policy, a pre-boot screen displays that enables the administrator and, if so configured, the device user, to interact with PBA before Windows boots up. Some devices might not support the boot methods or Linux kernel configurations used to provide hardware compatibility. The Advanced Configuration provides support for older or unusual hardware configurations. These configurations might include the following:

  • Hardware that does not function correctly or is no longer recognized under Windows after successful pre-boot authentication. This failure occurs because not all of the BIOS settings can be correctly handled and set for Windows.

  • New hardware that is not yet natively supported.

  • Poorly programmed BIOS implementations.

After modifying the settings described in this section, you must have Advanced Configuration selected and saved in the policy to make it the default PBA boot method for disk encryption.

NOTE: In ZENworks 2017 Update 1, Full Disk Encryption began using a new Linux kernel, which greatly reduced issues with hardware compatibility for PBA. Information about the Linux kernel changes can be found in the ZENworks - Full Disk Encryption Update Reference.

Hardware compatibility is provided through the default Linux boot method and two alternative boot methods. These alternative boot methods, as well as specific hardware settings, are defined in a DMI (Direct Media Interface) file. The alternative boot methods are Simple PBA and Graphical PBA (UEFI firmware only). There is also an option to configure the PBA resolution. Graphical PBA and PBA resolution are particularly useful for tablet devices.

Configuration entries for these three DMI file options include the following:

  • Simple PBA: KERNEL=[SDP_KERNEL_SIMPLE_PBA]

  • Graphical PBA: KERNEL=[SDP_KERNEL_SIMPLE_PBA_GUI]

  • PBA Resolution: You can use the default setting or a custom configuration:

    • Default: PBA_RESOLUTION=DEFAULT

    • Custom: PBA_RESOLUTION=<explicit resolution>

The predefined file includes the default settings shown below. It is applied to all hardware configurations unless another configuration is explicitly defined in the file.

[default]
KERNEL=[SDP_KERNEL_DEFAULT]
KICKSTART=BIOS
PBA_RESOLUTION=DEFAULT

Any hardware configuration added to the DMI settings after the default settings overrides the default settings only where it differs from them, and only on devices that match that type of hardware. For example:

[LENOVO, 20BS006*]
DMI_SYS_VENDOR=LENOVO
DMI_PRODUCT_NAME=20BS006
KICKSTART=BIOS
KERNEL=[SDP_KERNEL_SIMPLE_PBA_GUI]
PBA_RESOLUTION=1920x1280

To edit the DMI settings, you must have the Advanced Configuration radio button selected. For more information, see Editing the Advanced Configuration.

A.5.2 Discovering Hardware Information

Before you can add a hardware configuration to the DMI file, you must know the hardware configuration. ZENworks provides a utility, DMICONFIG, to discover this information.

  1. Go to the device whose hardware configuration you want to discover.

  2. Open a command shell (run as Administrator) and run c:\windows\nac\sbs\dmiconfig dump.

  3. Write down the configuration lines that were dumped to the screen.

A.5.3 Editing the Advanced Configuration

If you are adding a hardware configuration, make sure you have the configuration information (see Discovering Hardware Information).

On the -Boot Method page of the Create New Disk Encryption Policy wizard or from the PBA Boot Method tab on the Details page of an existing policy:

  1. Select Advanced Configuration, and click Edit.

  2. Add the hardware information.

  3. Add the KICKSTART line with the method you want to use:

    • KICKSTART=BIOS: This is the standard method used by the ZENworks PBA and is for systems that have unusual hardware configurations. This method reboots the computer a second time so that the BIOS hardware settings can be passed to Windows.

    • KICKSTART=KEXEC: This method is similar to KICKSTART=BIOS but does not require a second reboot.

  4. Customize the boot option and PBA resolution, if applicable:

    • If you want PBA authentication using Simple PBA (no graphical interface), add the following line: KERNEL=[SDP_KERNEL_SIMPLE_PBA]

    • If you have hardware types that display the PBA screens with distorted resolution, you can modify the resolution using one of the following options:

      PBA_RESOLUTION=DEFAULT

      -or-

      PBA_RESOLUTION=<explicit resolution>

      For example: PBA_RESOLUTION=1200x800

      NOTE: The x in the resolution parameter must be a lowercase x.

  5. Click OK to save your changes. See below for an example of a customized DMI configuration:

    [LENOVO, 20BS006*]
    DMI_SYS_VENDOR=LENOVO
    DMI_PRODUCT_NAME=20BS006
    KICKSTART=BIOS
    KERNEL=[SDP_KERNEL_SIMPLE_PBA]
    PBA_RESOLUTION=DEFAULT
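
A pre-save check for DMI settings text, as an added example that is not ZENworks code: it validates the KERNEL, KICKSTART and PBA_RESOLUTION values listed on this page (including the lowercase x rule) and shows how a hardware section overlays [default]. The function names and the [EXAMPLE, MODEL1*] section are hypothetical, keys not documented here are passed through unchecked, and the way ZENworks matches a device to a section is not modeled.

```python
import re
# Patterns for the values documented on this page (assumption: other keys are not checked).
RULES = {
    "KERNEL": r"\[SDP_KERNEL_(DEFAULT|SIMPLE_PBA|SIMPLE_PBA_GUI)\]",
    "KICKSTART": r"BIOS|KEXEC",
    "PBA_RESOLUTION": r"DEFAULT|[0-9]+x[0-9]+",   # the x must be lowercase
}

def parse_dmi(text):
    """Return ({section: {key: value}}, [problems]) for DMI settings text."""
    sections, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if "=" in line and current is not None:      # KEY=VALUE inside a section
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
            if key in RULES and not re.fullmatch(RULES[key], value):
                problems.append(f"line {n}: invalid {key} value {value!r}")
        elif line.startswith("[") and line.endswith("]") and "=" not in line:
            current = line[1:-1].strip()             # e.g. "LENOVO, 20BS006*"
            sections.setdefault(current, {})
        else:
            problems.append(f"line {n}: unexpected line {line!r}")
    return sections, problems

def effective(sections, name):
    """[default] settings overlaid with the lines of hardware section `name`."""
    return {**sections.get("default", {}), **sections[name]}

# Constructed sample: based on the page's blocks, plus a made-up entry with two mistakes.
SAMPLE = """[default]
KERNEL=[SDP_KERNEL_DEFAULT]
KICKSTART=BIOS
PBA_RESOLUTION=DEFAULT
[LENOVO, 20BS006*]
DMI_SYS_VENDOR=LENOVO
DMI_PRODUCT_NAME=20BS006
KERNEL=[SDP_KERNEL_SIMPLE_PBA_GUI]
PBA_RESOLUTION=1920x1280
[EXAMPLE, MODEL1*]
KICKSTART=KEXE
PBA_RESOLUTION=1200X800
"""

if __name__ == "__main__":
    print(parse_dmi(SAMPLE)[1])
```

Running the check against the text before clicking OK catches a mistyped KICKSTART value or an uppercase X in the resolution before the policy reaches an encrypted device.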