BIOS Facts, Security, Settings 3.4

What is the maximum drive size supported by UEFI?

Drives larger than 2.2 terabytes.

How does UEFI improve security compared to BIOS?

Protects against bootkits (malware targeting the boot process).

What type of drivers does UEFI support that BIOS does not?

64-bit firmware device drivers.

What compatibility does UEFI have with older systems?

Both BIOS and UEFI hardware.

What is “flashing” in the context of UEFI?

The process of updating UEFI to add new features or fix issues.

Where is the BIOS stored?

In a ROM (Read-Only Memory) chip on the motherboard.

What size range is typical for BIOS chips?

From 265 KB to 1 MB.

What is an Option ROM (OpROM)?

A BIOS chip found on expansion cards like video cards.

What does BIOS flashing do?

It updates the BIOS to support new hardware and add features.

What replaced CMOS chips in modern systems?

EEPROM replaced CMOS chips for storing BIOS/UEFI settings.

What kind of memory is EEPROM?

Non-volatile memory that allows individual bytes to be erased and reprogrammed.

When did EEPROM start being used for BIOS?

Became common in BIOS chips after 1994.

What advantage does EEPROM provide for BIOS updates?

Allows BIOS to be updated without opening the computer or removing chips.

What settings are stored in CMOS (now EEPROM)?

Hard disk types, boot device order, system hardware settings, and passwords.

How do you access CMOS settings?

By pressing keys like Delete, F1, or F2 during system startup to open the CMOS editor.

What does the CMOS battery do today?

It powers the real-time clock when the system is off.

What kind of power does the CMOS battery supply?

Very low power, about 1 millionth of an amp, lasting for years.

How can you reset a forgotten BIOS/UEFI password?

By removing or adjusting a jumper on the motherboard.

What system resources are configured after POST?

Allocated to plug-and-play devices based on CMOS and device information.

Why is it important to connect to a UPS before flashing BIOS?

A power outage during flashing can corrupt the BIOS and prevent the system from booting.

Administrator Password

(sometimes called the supervisor or setup password) is required to access and modify BIOS/UEFI settings.

User Password

(sometimes called the system or power on password) is required to boot the OS; the administrator password can also start the system.

BIOS/UEFI Password

Offers a limited degree of protection and can typically be cleared by removing the motherboard battery or setting a motherboard jumper.

Tampered Administrator Password

If you have set an administrator password and then find the password is no longer set, you know that someone has tampered with the system.

Chassis Lock

Prevents users from opening the case to reset passwords.

Drive Locking

Sets a password on the system hard disk. Some motherboards allow this practice.

Drive Locking Passwords

User and master. The passwords are set by using the motherboard's BIOS/UEFI configuration program.

Password Storage

Passwords in drive locking are saved on the hard disk, but you cannot read the passwords from the disk.

Password Movement

Passwords moves with the disk. You cannot move the drive to another system to access the disk without the password.

Disk Format Protection

You cannot format the disk to remove the passwords.

User Password Troubleshoot

If forgotten, use the master password to access the drive. If you do not know either password, you cannot access any data on the drive.

Incorrect Attempts

Most drive locking systems allow a limited number of incorrect password attempts. After that time, you must restart the system to try entering additional passwords.

Default Master Password

Some systems ship with a default master password already set. However, the password (if it exists) is not publicly available, and you cannot obtain it from the disk manufacturer.

Chassis Intrusion Detection

Helps to identify when a system case has been opened. A sensor switch is located inside the system case.

Chassis Intrusion Detection Message

When the case cover is removed, the switch sends a signal to the BIOS/UEFI. A message is displayed on the screen at startup or might only be visible from within the BIOS/UEFI configuration program.

Trusted Platform Module (TPM)

A special chip on the motherboard that generates and stores cryptographic keys.

TPM Initialization

You can use the BIOS/UEFI configuration program to initialize the TPM and set a TPM owner password. TPM requires the owner password to manage TPM settings.

TPM Key

A unique key on the chip for hardware system identification.

TPM Hardware Verification

Generates a hardware-based cryptographic key to verify system integrity and block booting if hardware changes.

TPM Encryption Keys

Applications can use the TPM to generate and save encryption keys.

LoJack

A mechanism that secures systems prone to being stolen, such as notebook systems, and can be used to recover a stolen system.

LoJack Location Reporting

A service running on the computer periodically contacts a LoJack server at the vendor's site to report its current location using GPS coordinates.

LoJack Stolen System Updates

Queries LoJack headquarters to see if the system is reported as stolen and continuously updates the server with its current location if the system is stolen.

LoJack Software Download

The motherboard chip has a downloader that installs LoJack as a Windows service, not the full software.

UEFI Digital Signature

Requires firmware updates to be digitally signed by the hardware vendor, detecting unauthorized changes to firmware updates (e.g., malware insertion).

SecureBoot

Requires the operating system installed on the system hard drive to be digitally signed. By default, UEFI will not boot the operating system if it isn't digitally signed.

Rootkit Protection

Secure Boot blocks rootkits that load before anti-malware software.

Accessing BIOS keys

Common keys to enter BIOS/UEFI setup: Del, F2, F10, Esc (varies by manufacturer).

Hyper-V on Windows

Microsoft’s built-in hypervisor for creating and running virtual machines (VMs).

VMware Workstation

A popular third-party tool for professional-grade virtual machine creation.

VirtualBox

An open-source tool for creating VMs, supports Windows, Linux, and macOS hosts.

Fast Startup in Windows

Feature that speeds up boot time but may prevent normal BIOS access.

Bypassing Fast Startup

Restart Windows, then press Shift + Restart to access UEFI settings directly.

Interrupting boot process

Boot three times to force advanced recovery options and BIOS access.

Backing up BIOS configuration

Save BIOS settings manually by taking notes, screenshots, or exporting config.

Primary boot sequence

Controls device order for booting — common devices: HDD/SSD, USB, network.

USB permissions in secure environments

Strict control or disabling of USB ports to prevent data theft or malware infection.

Devices section in BIOS

Area in BIOS to enable or disable hardware like network cards, USB ports, etc.

Jumping BIOS

Shorting jumpers on motherboard to clear BIOS settings or reset password.

Clearing Real-Time Clock (RTC)

Clearing the CMOS battery or jumper to reset BIOS and system clock.

Persistent memory

Memory that retains data even without power; combines RAM speed with storage durability.

Versatile memory

Memory technology designed for flexibility between volatile and non-volatile functions.

HSM (Hardware Security Module)

Hardware device or plug-in card for managing and backing up encryption keys securely.

Cryptographic accelerators

Hardware components built into CPUs/chipsets that speed up encryption/decryption tasks.