• Para_lyzed
    link
    fedilink
    1
    edit-2
    10 months ago

    Just wanted to add that your BIOS password can be circumvented by taking out the CMOS battery. That will clear all your settings and allow unrestricted access. A BIOS password should absolutely never be used as a form of security, it is trivial to bypass.

    Granted, I don’t believe that the TPM will give the key if secure boot were disabled, I just wanted to mention that BIOS passwords don’t do anything against any real attack.

    • asudoxOP
      link
      fedilink
      1
      edit-2
      10 months ago

      I also want to add that the TPM will request the recovery key if the BIOS goes back to factory defaults. I also think changing the secure boot setting might trigger it. If that’s the case then a BIOS password is pretty useless.

      • Para_lyzed
        link
        fedilink
        1
        edit-2
        10 months ago

        I believe that the TPM will refuse to provide keys after secure boot is disabled, but I didn’t intend to imply that it could be used to bypass TPM decryption or anything. Just as an aside that BIOS passwords are effectively useless at preventing access to the BIOS.

        • asudoxOP
          link
          fedilink
          110 months ago

          It does seem like most of the TPMs indeed do not provide the keys if secure boot is disabled. Sorry for the misunderstanding.