Tom_Heesmans
Participant

Smartcard FDE pre-boot authentication

Hi guys,

Does anyone have experience with using a smartcard to unlock the pre-boot of Sandblast FDE?

I've enabled the feature in the end-point console. When entering my smartcard, it switches the login screen to enter my PIN. However, when I enter the PIN, it does not unlock.

The smartcard has a user certificate on it to authenticate on Windows, which is working fine. 

I don't have that much experience with smartcards and CheckPoint, so I was wondering if I need a specific certificate (like EFS) or whether any of you have any experience using this.

I would also think that the driver is correct because it switches to the PIN, and when I use another type of smartcard it does not switch, so it cannot read the smartcard.

Any help would be appreciated!

6 Replies
PhoneBoy
Admin

In older versions (ones no longer supported), there was a bug with PINs of a certain length.

Not sure that's still relevant.

It's probably a good idea to involve the TAC in this.

0 Kudos
Tom_Heesmans
Participant

Thanks for the response. This, however, is not an older version, and the PIN is only 4 digits in length for testing.

We'll probably need TAC, but I have some great experiences with this community and was hoping for the small simple remark that will point us in the right direction. My guess is that this is something simple that we are overlooking.

0 Kudos
PhoneBoy
Admin

I'll see if I can get an expert in this area to comment :)

0 Kudos
KatiaCruz
Employee

@Tom_Heesmans, I just found your post and I'm wondering how you resolved the issue described.

After switching from password to smartcard authentication in the FDE preboot today, I get an "Invalid Logon" message in the client, and a "No Smartcard users configured" in the logs on the management. I did some testing and my scenario matches your description.

I know it has been a while, but I'll appreciate it if you can share anything you remember. 🙂

0 Kudos
Tom_Heesmans
Participant

For us this eventually came down to an incompatible driver for the smartcard reader. It should have been compatible according to the documentation, but after examination from dev-ops this was not the case. Our smartcard readers were from Thales (formerly Gemalto) and CheckPoint collaborated with them to integrate the correct driver. Everything is working as expected now.

0 Kudos
KatiaCruz
Employee

Good to know, @Tom_Heesmans. I will double-check if the smartcard reader driver is the right one in my case. We ended up using a generic one from the list provided during configuration.

Thanks for your response! 

0 Kudos