SafeGuard Easy multi-platform 4.5x
Windows XP SP2 Professional Edition
Why is it not possible to setup a fingerprint for login to the PBA of SafeGuard Easy (SGE) on a Lenovo notebook?
Overall Lenovo uses four main types of fingerprint technology in their models:
1. UPEK Sensor with Companion Chip
Mostly used in todays T series and other high level Lenovo hardware. This is supported by SGE in the PBA.
The SGE secrets necessary for booting are stored in the companion chip which only unlocks the secrets after a successful finger swipe.
2. UPEK Sensor without Companion Chip
Mostly used in Lenovo's cheaper R and A series. This is not supported by SGE in the PBA.
Without such a companion chip the secret would have to be stored on the harddisk or in an unprotected motherboard flash memory. Thus any biometric SGE solution on this hardware would be less secure than the normal password solution and comparable to PBA-off mode. So the customer could anyway use today SGE in PBA off mode together with the finger wipe from BIOS. This gives the same type of user experience like if SGE would ask for the fingerprint and, since we don't have the companion chip available, also the same type of security. Alternatively the customer could use the password logon mode of course.
3. Authentec Sensor with security logic
This will be used in future T series and other high level Lenovo hardware instead of UPEK with companion chip. At the moment only in some Lenovo 3000 models. This is and will not be supported by SGE in the PBA.
4. Authentec Sensor without security logic
Planned for future low cost Lenovo models. From the security level, this is comparable to the cheap UPEK solution, so we currently do not plan to support this in other ways than with PBA-off + BIOS Fingerprint or password instead of biometry.
keywords: T300 T400 T500