The “Transfer Key to OS using Persistent Storage” option in the Advanced Options panel within the Boot Configuration Settings in an SES Windows Device Profile is specifically designed for PBLU (the Pre-Boot for UEFI Linux-based environment).
It defines a way that pre-boot may transfer sensitive data between these PBLU and the Windows loader environment, which may be the solution required where the specific hardware resets NVRAM (Non-Volatile Random Access Memory) between these two phases.
Normally this sensitive information is passed in NVRAM, where it can be picked up and used by the Windows loader to get the Encryption key to the SecureDoc Windows-level encryption filter driver, permitting the WIndows environment to start loading decrypted information from the encrypted drive into memory so that Windows can load and the user can get on with his work in the Windows environment.
By default this Boot Configuration option is disabled, but on some systems PBLU may not work.
The symptom of this is that, after successfully passing authentication and restarting instead of getting into Windows the user will see the Pre-Boot login screen again.
In such cases. use of the “Transfer Key to OS using Persistent Storage” option helps to make PBLU workable.
Note however that enabling this option makes a system less secure, since the information will have been stored to the hard drive (persistent storage) that will not be negatively impacted by an NVRAM reset. It will subsequently be wiped from that location, but there is some (albeit minor) risk that this data could be found under certain circumstances.
Also note that this option is irrelevant for PBU environments.
1679
- Updated on Feb 6, 2026
- 1 minute(s) read
- VN
Was this article helpful?