During a recent demonstration of Intel vPro Technology, I experienced the following:
- Used Intel vPro Technology to reboot a remote client
- The client was encrypted via PGP Whole Disk Encryption (WDE)
- After the reboot, I connected to the client via the KVM remote control feature of Intel vPro Technology using RealVNC Viewer Plus
- At the PGP passphrase pre-boot authentication screen, I had no keyboard interaction via the RealVNC session.
Understanding why this happened provides some further insights to what is occurring physically in the hardware.
The KVM remote control features relies upon USB injection for the keyboard and mouse interaction, meaning that it appears as a USB keyboard\mouse to the local system. A USB device needs to be enumerated, and this occurred during the BIOS POST at startup. Since the KVM remote control session via RealVNC Viewer Plus to the Intel vPro Technology hardware had not yet occurred, the USB injection occurred after the BIOS had enumerated\detected an external USB keyboard. The PGP passphrase screen uses the BIOS enumeration, thus it does not see any of the keystrokes from the KVM remote control session in this scenario. Remember that a BIOS is single threaded and simplistic (hence the acronym "BIOS" for "Basic Input Output System")
To recover from this situation, one approach is to open the RealVNC session for KVM remote control prior to rebooting the Intel vPro Technology client. Upon startup, the BIOS will enumerate the USB connections which were temporarily applied for the KVM remote control session. This is shown in the following example:
The same situation may occur even if a live operating system is running on the Intel vPro Technology client. A new operating system may not immediately recognize KVM remote control input as it needs to react to the interrupt generated when the first KVM session occurs and a new USB keyboard device appears. The operating system enumerates that USB device, identifies it as a USB keyboard and loads the appropriate driver as needed. The first session might be rough, but once the keyboard has been detected subsequent sessions will go smoother.