Server (BIOS)

Why use a BIOS or UEFI Password to lock down and Secure a Server?

A Server BIOS password can prevent unintended or malicious users from accessing the BIOS and changing the how a system can be accessed or booted before the operating system starts, and its Security (access list control system) begins.

Without a Password in Place, a person could insert a removable device like a USB drive, CD, or DVD with an operating system on it. They could boot from that device and access a live Linux desktop — if your files are unencrypted, they could access your files. A Windows user account password doesn’t protect your files. They could also boot from a Windows installer disc and install a new copy of Windows over the current copy of Windows on the computer.

You could change the boot order to force the computer to always boot from its internal hard drive, but someone could enter your BIOS and change your boot order to boot the removable device.

A BIOS or UEFI firmware password provides some protection against this. Depending on how you configure the password, people will need the password to boot the computer or just to change BIOS settings.

Of course, if someone has physical access to your computer, all bets are off. They could crack it open and remove your hard drive or insert a different hard drive. They could use their physical access to reset the BIOS password — we’ll show you how to do that later. A BIOS password still does provide extra protection here, particularly in situations where people have access to a keyboard and USB ports, but the computer’s case is locked up and they can’t open it.