(EN) Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agentstores policy data within a BIOS of the client. The BIOS agent is one or more software modulesoperating in the BIOS of the client. The policy data describes one or more security policieswhich the client is to follow. In response to the client following at least one of the one or moresecurity policies a persistent storage medium of the client is locked by instructing a controller ofthe persistent storage medium to deny to any entity access to data stored on the persistentstorage medium unless the entity supplies to the controller a recognized authenticationcredential. In this way a malicious user without access to the recognized authenticationcredential cannot access the data stored on the persistent storage medium even if the persistentstorage medium is removed from the client.