How I can to protect BIOS settings?

Konstantin
Konstantin New Member Posts: 5

Hi, I just updated BIOS to latest revision. Changed admin password, but... here is still to able to enter in BIOS settings as user, so this admin password looks like no usefull in BIOS settings protection.
And when user password is setted - it prevent to normal boot OS.
How it can be fixed?

Comments

  • Klez
    Klez New Member Posts: 3

    I´m bumping this thread because I´m having this exact problem with current UP board BIOS version.

    At the company I work we have many UP-Squared units and I need to protect some specific settings in the BIOS for security reasons.
    I upgraded firmware to latest: UP-APL01 R5.0 (UPA1AM50) (12/17/2019)

    If I set up a BIOS admin password, the normal user is still able to enter BIOS pressing enter with blank password. If this happens a malicious user can mess with all the boot options.
    On the other hand, if I also set a user password it prevents normal boot because always asks for a password when booting.

    The descriptive text in the Bios section "SECURITY" is misleading because the admin password does not limit access as normal user:

    If ONLY the Administrator's password is set,
    then this only limits access to Setup and is
    only asked for when entering Setup.
    If ONLY the User's password is set, then this
    is a power on password and must be entered to
    boot or enter Setup. In Setup the User will
    have Administrator rights.

    Please upgrade UP board Bios so access can be password protected but allowing normal boot of the computer.
    Thanks

  • rogertsai(AAEON)
    rogertsai(AAEON) New Member Posts: 350 ✭✭✭

    @Klez
    Yes, this is the BIOS security rules.
    In your case, the only way to limit access for normal user is to remove the user mode in BIOS, and it need customized BIOS.

  • krishnaorakkan
    krishnaorakkan New Member Posts: 8

    Hi @Klez

    As mentioned by @rogertsai(AAEON) you would require customized BIOS. if you would like that, you can purchase from our shop " https://up-shop.org/18-software "

    Thanks

  • Klez
    Klez New Member Posts: 3

    Thank you for your answers. I'll pass this info to my managers so they can take a decision.

  • dawpud
    dawpud New Member Posts: 1

    I know this is an old thread, but I also have this issue. Despite the BIOS saying there will only be a Power-On password when ONLY the user password is set, there is always a Power-On password as long as the user password is set (even with an admin password). This is a huge security issue as anyone can access the BIOS with user privileges and change the boot order.

    The custom BIOS link @krishnaorakkan linked to is broken and the only BIOS service I could find is $250 just for a custom splash image. Are there any other solutions? This has been an issue for over 3 years, and I am unsure what others have been doing to mitigate this blatant security risk.

    @Klez did you find any solution to this problem?

    I am new to this forum. Please let me know if I should reopen this issue in a new thread. Thanks!