Understanding BIOS Configuration and Security

Apr 3, 2025

BIOS Overview and Configuration

Accessing BIOS

  • BIOS loads when the computer starts.
  • Access BIOS setup using specific keys during startup (e.g., Delete key, Function keys, sometimes a key combination).
  • For virtual machines (e.g., Hyper-V, VMware Workstation Player), the virtualization software provides a way to enter the guest's BIOS setup.
  • VirtualBox does not provide BIOS access.
  • Alternatives include online UEFI BIOS simulators.

Fast Startup in Windows

  • Windows 8, 10, 11 have Fast Startup enabled by default.
  • Skips the traditional full boot by hibernating the system on shutdown instead of powering it off completely.
  • To access BIOS:
    • Hold Shift while clicking Restart in Windows.
    • Disable Fast Startup via Settings > Update & Security > Recovery > Advanced Startup.
    • Interrupting the boot process three times in a row forces a normal (non-Fast Startup) boot.
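To make the Fast Startup steps above concrete, here is an added PowerShell example (not part of the lecture notes) that reads the Fast Startup setting from the registry, turns it off, and shows the `shutdown.exe /fw` switch that reboots a UEFI machine straight into firmware setup. It assumes Windows 8 or later on UEFI firmware and an elevated prompt; the registry path, the `HiberbootEnabled` value and the `/fw` switch are documented Windows features, while the function names are this example's own.

```powershell
# Added example (not from the lecture notes): inspect and disable Windows Fast Startup,
# then reboot into the UEFI firmware setup. Run from an elevated PowerShell prompt.
# Assumptions: Windows 8 or later booted in UEFI mode. The registry value and the
# shutdown.exe /fw switch are documented Windows features.

$powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'

function Get-FastStartupState {
    # HiberbootEnabled = 1 means Fast Startup (hybrid shutdown) is on.
    $value = Get-ItemProperty -Path $powerKey -Name 'HiberbootEnabled' -ErrorAction SilentlyContinue
    if ($null -eq $value) { return 'Unknown (value not present)' }
    if ($value.HiberbootEnabled -eq 1) { return 'Enabled' } else { return 'Disabled' }
}

function Disable-FastStartup {
    # Same effect as clearing "Turn on fast startup" in the Power Options control panel.
    Set-ItemProperty -Path $powerKey -Name 'HiberbootEnabled' -Value 0 -Type DWord
}

Write-Host "Fast Startup is currently: $(Get-FastStartupState)"

if ((Get-FastStartupState) -eq 'Enabled') {
    Disable-FastStartup
    Write-Host 'Fast Startup disabled; the next shutdown will be a full shutdown.'
}

# The /fw switch only works on UEFI systems, so check the firmware type first.
$firmwareType = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
if ("$firmwareType" -eq 'Uefi') {
    # Reboot directly into firmware setup instead of hunting for the Delete/F2 key.
    # Uncomment the next line when you actually want the machine to reboot.
    # shutdown.exe /r /fw /t 0
    Write-Host "UEFI detected: 'shutdown.exe /r /fw /t 0' reboots into firmware setup."
} else {
    Write-Host "Firmware type '$firmwareType': use the vendor key at power-on instead."
}
```

The `/fw` reboot reaches the same place as Shift + Restart > Troubleshoot > Advanced options > UEFI Firmware Settings, but it can be scripted, which is useful when auditing or reconfiguring many machines. Disabling Fast Startup is a registry change on the OS side only; the firmware settings themselves are untouched.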

BIOS Configuration Management

  • Backup BIOS settings before changes.
  • Some BIOS allow download of configurations.
  • Notes and photos of settings recommended.

BIOS Functions

  • Hardware Control: Enable/disable hardware access.
  • Boot Sequence: Configure boot device order (e.g., USB, SSD, HDD).
  • Security and Protection:
    • Disable USB ports (to prevent data exfiltration or malware infection via removable media).
    • Example: 2008 US Department of Defense USB ban due to Silly FDC worm.

Cooling and Performance

  • BIOS can control system fans and cooling.
  • Options for performance vs. quieter systems.

Secure Boot

  • Part of UEFI specification.
  • Ensures boot process hasn’t been modified by malware.
  • Requires a digital signature for the operating system.

Password Security

  • User and supervisor passwords restrict BIOS access and changes.
  • Passwords are stored in the firmware, not in the OS; a forgotten password requires a BIOS reset.

BIOS and Memory

  • Configuration stored in flash memory on motherboard.
  • The term CMOS (a legacy reference to the battery-backed RAM that once held the settings) is outdated.
  • BIOS reset via motherboard jumper.

Battery on Motherboard

  • Maintains date/time settings when system is off.
  • Removing battery does not reset BIOS configurations in modern systems.

Trusted Platform Module (TPM)

  • Provides cryptographic functions, key storage, and security.
  • Changes to TPM configuration made in BIOS.
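As an added example covering both the Secure Boot and TPM sections (it is not from the lecture), the following PowerShell script reports whether Secure Boot is enforced and whether a TPM is present and ready, then lists the findings an administrator should act on in firmware setup. It assumes Windows 8 or later and an elevated prompt, and uses the built-in `Confirm-SecureBootUEFI` and `Get-Tpm` cmdlets plus the `Win32_Tpm` CIM class; the function names are this example's own.

```powershell
# Added example (not from the lecture notes): audit the Secure Boot and TPM state that the
# firmware exposes to Windows. Run from an elevated PowerShell prompt on Windows 8 or later.
# Cmdlets used: Confirm-SecureBootUEFI (SecureBoot module), Get-Tpm (TrustedPlatformModule
# module) and the Win32_Tpm CIM class. Function names are this example's own.

function Get-SecureBootState {
    try {
        # $true = firmware enforces Secure Boot, $false = UEFI with Secure Boot turned off.
        # The cmdlet throws on legacy-BIOS systems, which is reported as 'Unsupported'.
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    } catch {
        'Unsupported'
    }
}

function Get-TpmState {
    $tpm = $null
    try { $tpm = Get-Tpm } catch { }
    # Win32_Tpm carries the spec version string, e.g. "2.0, 0, 1.38".
    $cim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($cim) { $cim.SpecVersion } else { 'unknown' }
    [pscustomobject]@{
        Present     = [bool]($tpm -and $tpm.TpmPresent)
        Ready       = [bool]($tpm -and $tpm.TpmReady)
        LockedOut   = [bool]($tpm -and $tpm.LockedOut)
        SpecVersion = $spec
    }
}

function Get-FirmwareSecurityPosture {
    $secureBoot = Get-SecureBootState
    $tpm = Get-TpmState
    $findings = @()

    if ($secureBoot -ne 'Enabled') {
        $findings += "Secure Boot is $secureBoot: unsigned or modified boot loaders would be accepted."
    }
    if (-not $tpm.Present) {
        $findings += 'No TPM detected: keys and boot measurements cannot be anchored in hardware.'
    } elseif (-not $tpm.Ready) {
        $findings += 'TPM present but not ready: enable or provision it in firmware setup.'
    } elseif ($tpm.SpecVersion -notlike '2.0*') {
        $findings += "TPM spec version is $($tpm.SpecVersion): TPM 2.0 is the current baseline."
    }
    if ($tpm.LockedOut) {
        $findings += 'TPM is in dictionary-attack lockout: check for repeated bad PINs or a misbehaving agent.'
    }

    [pscustomobject]@{
        SecureBoot = $secureBoot
        Tpm        = $tpm
        Findings   = $findings
        Compliant  = ($findings.Count -eq 0)
    }
}

$posture = Get-FirmwareSecurityPosture
$posture | Format-List SecureBoot, Compliant
$posture.Tpm | Format-List
if ($posture.Findings.Count -gt 0) {
    Write-Host 'Findings:'
    $posture.Findings | ForEach-Object { Write-Host " - $_" }
}
```

The script only reports what the firmware tells the operating system; fixing a finding (enabling Secure Boot, activating the TPM) still happens in the BIOS/UEFI setup, which is why a supervisor password on that setup matters: without it, anyone with physical access can simply switch these protections off again.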

Hardware Security Module (HSM)

  • Manages cryptographic keys securely.
  • Available as an appliance or adapter card.
  • Can have cryptographic accelerators.

These notes summarize key points about the BIOS, its configuration, and relevant security and hardware management features discussed in the lecture.