Comprehensive BIOS Overview and Configuration Guide

Sep 21, 2024

BIOS Overview and Configuration

Accessing BIOS

  • BIOS loads when a computer starts.
  • Access BIOS configuration by pressing a specific key during startup (e.g., Delete, function keys).
  • Virtualization software like Hyper-V and VMware Workstation Player can allow BIOS access in Windows.
  • VirtualBox does not provide BIOS access.
  • UEFI BIOS simulators are available online for offline simulation.

Fast Startup in Windows

  • Windows 8, 10, and 11 use Fast Startup, which prevents BIOS access at boot.
  • Fast Startup puts the system in a hibernated state rather than a full shutdown.
  • Bypass Fast Startup by holding Shift while clicking Restart or adjusting settings in Update & Security.
  • Interrupt the boot process three times to disable Fast Startup.

BIOS Configuration and Backup

  • It’s crucial to back up BIOS settings before making changes (e.g., with notes or photos).
  • Incorrect BIOS changes can lead to boot failures.

BIOS Boot Sequence and Hardware Control

  • Control boot sequence (e.g., USB, SSD, hard drive) and hardware availability.
  • Disable specific hardware (e.g., USB ports) for security purposes.
  • Example: the U.S. Department of Defense disabled USB ports in 2008 due to a security breach.

Cooling and Fan Control

  • BIOS settings can manage fan activity to control system temperature.
  • Integrated fan controllers adjust airflow based on system temperature.

Secure Boot

  • Part of the UEFI specification; prevents unauthorized changes by verifying digital signatures.
  • Requires a digital signature from the OS manufacturer.
  • The Secure Boot option is available in BIOS settings.

BIOS Password Protection

  • User and supervisor passwords can restrict BIOS and OS access.
  • Passwords are stored in BIOS, not the OS.
  • Forgotten BIOS passwords may require resetting the BIOS via jumpers.

BIOS Reset and CMOS

  • Modern BIOS settings are stored in flash memory, not CMOS, but the older terms are still used.
  • Reset the BIOS using a motherboard jumper (e.g., the CLRTC jumper).
  • Motherboard batteries maintain date and time settings.

Trusted Platform Module (TPM) and Cryptographic Functions

  • TPM provides cryptographic functions and key management (e.g., full disk encryption).
  • TPM is secure against brute force attacks.
  • BIOS settings allow TPM configuration.
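
The Fast Startup, Secure Boot and TPM settings covered above can be read back from inside Windows without entering the BIOS. The following is an added example, not part of the original notes: a read-only PowerShell check, meant to be run from an elevated prompt. The function name Get-FirmwarePosture is hypothetical; the cmdlets and the HiberbootEnabled registry value are standard Windows components.

```powershell
# Added example: read-only report of firmware-related security settings.
# Get-FirmwarePosture is a hypothetical name chosen for this illustration.
function Get-FirmwarePosture {
    $result = [ordered]@{
        FastStartupEnabled = 'Unknown'
        SecureBootEnabled  = 'Unknown'
        TpmPresent         = 'Unknown'
        TpmReady           = 'Unknown'
    }

    # Fast Startup is controlled by HiberbootEnabled (1 = on, 0 = off).
    $powerKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
    $hiberboot = Get-ItemProperty -Path $powerKey -Name HiberbootEnabled -ErrorAction SilentlyContinue
    if ($null -ne $hiberboot) {
        $result.FastStartupEnabled = ($hiberboot.HiberbootEnabled -eq 1)
    }

    # Confirm-SecureBootUEFI returns $true or $false on UEFI systems. It throws
    # on legacy BIOS systems and when the session is not elevated, so an
    # exception is reported as "Unknown" rather than as "disabled".
    try {
        $result.SecureBootEnabled = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        $result.SecureBootEnabled = "Unknown ($($_.Exception.Message))"
    }

    # Get-Tpm reports whether a TPM exists and whether it is ready for use
    # (for example by full disk encryption).
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $result.TpmPresent = $tpm.TpmPresent
        $result.TpmReady   = $tpm.TpmReady
    } catch {
        $result.TpmPresent = "Unknown ($($_.Exception.Message))"
    }

    [pscustomobject]$result
}

Get-FirmwarePosture | Format-List
```

A TPM that is present but not ready usually means it still has to be enabled or initialized in the BIOS settings.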

Hardware Security Module (HSM)

  • HSMs manage cryptographic keys and provide cryptographic acceleration.
  • Can be standalone devices or adapter cards.
  • Used for secure key management and can offload server cryptographic tasks.