I'm trying to understand if the old school ways of bypassing a BIOS password (flip the BIOS jumper or remove the CMOS battery) still affect (some or all) modern UEFI?

If not, what protections do modern UEFI implement that prevent it?

Juicy
  • Depends on whether the password is stored in battery-backed RAM or flash, which itself depends on whether the machine is consumer-grade garbage or decent business-grade stuff. – André Borie Jul 14 '16 at 12:49

1 Answer

I can't remember the last time I worked on a system where a CMOS battery pull reset the password. Of course, password reset jumpers or manufacturer override codes are features, and you can expect UEFI to have all the features BIOS had and then some.

Remember, though, that BIOS passwords aren't that powerful. They protect against someone with physical access to the keyboard and screen, but will fail against anyone with physical access to the machine itself. If you want to keep your data safe, you need full disk encryption controlled by a TPM and measured boot.

Reid Rankin
  • Thanks for the reply. Could you perhaps elaborate a bit on what you mean by "measured boot"? – Juicy Jul 14 '16 at 19:31
  • Measured boot is when the TPM hashes together all the firmware and settings used when booting into its Platform Configuration Registers. It can then be instructed to seal the drive key, and only unseal it when those same values are in the PCRs. Essentially, the drive encryption key cannot be retrieved unless the same firmware and settings are loaded, so clearing the password or tampering with the boot process would make the key inaccessible. – Reid Rankin Jul 14 '16 at 20:43
  • (This is what BitLocker does when you use a TPM.) – Reid Rankin Jul 14 '16 at 20:47
  • In theory, that is correct. Practically, TPM was hacked several times. – Overmind Jul 15 '16 at 05:18
  • @Overmind The TPM compromises have nothing to do with this threat model (SRTM). – forest Dec 14 '18 at 09:09
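
A simulation of the PCR-extend and seal/unseal mechanism the answer's comments describe, added here as an example and not part of the original thread: the extend formula matches how a TPM updates a PCR, but the seal/unseal functions (an HMAC-derived key and a constructed stand-in SRK) replace the real TPM sealing operation, and the boot components are constructed sample data. It shows that changing only the firmware settings (such as clearing the setup password) changes the PCR and makes the sealed drive key unrecoverable.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    """Measure each boot component in order into a single PCR (reset value is all zeros)."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def seal(secret: bytes, pcr: bytes, srk: bytes):
    """Simulated sealing: derive a key from the SRK and the expected PCR value,
    XOR the 32-byte secret with it and authenticate the result (stand-in for TPM sealing)."""
    k = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, k))
    tag = hmac.new(k, ct, hashlib.sha256).digest()
    return ct, tag

def unseal(blob, pcr: bytes, srk: bytes):
    """Return the secret only if the current PCR equals the one used at seal time."""
    ct, tag = blob
    k = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        return None  # PCR differs: derived key is wrong, so the tag does not verify
    return bytes(a ^ b for a, b in zip(ct, k))

# Constructed sample boot chain: firmware image, firmware settings, bootloader.
GOOD_BOOT = [b"UEFI firmware v1.0", b"settings: password=set secureboot=on", b"bootloader.efi"]
PASSWORD_CLEARED = [b"UEFI firmware v1.0", b"settings: password=none secureboot=on", b"bootloader.efi"]
SRK = b"\x11" * 32          # constructed stand-in for the TPM storage root key
DRIVE_KEY = os.urandom(32)  # simulated 32-byte volume master key

def demo():
    """Seal the drive key against the good boot, then try to unseal after a settings change."""
    blob = seal(DRIVE_KEY, measure_boot(GOOD_BOOT), SRK)
    same_boot = unseal(blob, measure_boot(GOOD_BOOT), SRK)
    tampered_boot = unseal(blob, measure_boot(PASSWORD_CLEARED), SRK)
    return same_boot == DRIVE_KEY, tampered_boot is None

if __name__ == "__main__":
    print(demo())  # (True, True): key recovered on identical boot, refused after the change
```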