BIOS Overview and Configuration

Accessing BIOS

• BIOS loads when a computer starts.
• Access BIOS configuration by pressing a specific key during startup (e.g., Delete, function keys).
• Virtualization software like Hyper-V and VMware Workstation Player can allow BIOS access in Windows.
• VirtualBox does not provide BIOS access.
• UEFI BIOS simulators available online for offline simulation.

Fast Startup in Windows

• Windows 8, 10, and 11 use Fast Startup, which prevents BIOS access at boot.
• Fast Startup puts the system in a hibernated state rather than a full shutdown.
• Bypass Fast Startup by holding Shift while clicking Restart or adjusting settings in Update & Security.
• Interrupt the boot process three times to disable Fast Startup.

BIOS Configuration and Backup

• It’s crucial to backup BIOS settings before making changes (notes, photos).
• Incorrect BIOS changes can lead to boot failures.

BIOS Boot Sequence and Hardware Control

• Control boot sequence (e.g., USB, SSD, hard drive) and hardware availability.
• Disable specific hardware (e.g., USB ports) for security purposes.
• Example: USB ports disabled by the U.S. Department of Defense in 2008 due to a security breach.

Cooling and Fan Control

• BIOS settings can manage fan activity to control system temperature.
• Integrated fan controllers adjust airflow based on system temperature.

Secure Boot

• Part of UEFI specification, prevents unauthorized changes by verifying digital signatures.
• Requires a digital signature from the OS manufacturer.
• Secure Boot option available in BIOS settings.

BIOS Password Protection

• User and supervisor passwords can restrict BIOS and OS access.
• Passwords are stored in BIOS, not the OS.
• Forgotten BIOS passwords may require resetting the BIOS via jumpers.

BIOS Reset and CMOS

• Modern BIOS settings stored in flash memory, not CMOS, but terms still used.
• Reset BIOS using motherboard jumper (e.g., CLRTC jumper).
• Motherboard batteries maintain date and time settings.

Trusted Platform Module (TPM) and Cryptographic Functions

• TPM provides cryptographic functions and key management (e.g., full disk encryption).
• TPM is secure against brute force attacks.
• BIOS settings allow TPM configuration.

Hardware Security Module (HSM)

• HSMs manage cryptographic keys and provide cryptographic acceleration.
• Can be standalone devices or adapter cards.
• Used for secure key management and can offload server cryptographic tasks.