2021/06/08 An Introduction To BIOS and BIOS Security

An Introduction To BIOS and BIOS Security


The Basics

The Basic Input Output System is a pivotal set of stored on selected chips on the motherboard. This an intermediary between a computers hardware and BIOS, the PCs operating system would have no way control of, the hardware routines in a System, which is chip and in turn the BIOS acts as its operating system. Without the to communicate with, or take each motherboard and manufacturer utilizes a different BIOS and this can cause trouble for those looking to tinker with and fully involve themselves in every aspect of their system. A fair warning that changing a systems BIOS settings without foresight can cause your system to malfunction. If this were to happen then a BIOS reset will need to be done to return to the factory settings. Many office level manufacturers like Dell limit the options available to the user in the BIOS. Most systems on boot briefly display a message describing how you can enter the program where BIOS settings are adjusted. On most systems the F1, F2, F11 or F12 will allow you to enter the setup menu.

Security Basics

The security section of the BIOS is used to keep unauthorized people from making any changes to the BIOS.

Keeping Your BIOS Secure And Ethical

A 100% Libre or in the case of Coreboot 99% Libre BIOS. As mentioned previously that when using Libre software, you in return become more Secure and Ethical. Because as the name implies Libre allows you to be free. So lets start with the Why? Many manufacturers and in turn users use non-free boot firmware. Which even if they use a FSF approved GNU/Linux operating system. A Non-free BIOS/UEFI firmware will often contain back-doors to your system that can allow government bodies and potential hackers into your system such as the Spectre and Meltdown exploits via the Intel Management Engine. It can also be slow, have bugs, and you are left to the mercy of the developers, which in many cases will not correct any problems that occur and only release a brief disclaimer after the bugs have been found and widely abused.

In contrast, Libreboot, for example is fully free software, where anyone can contribute or inspect their code to correct any and all underlying issues. Libre/Core are faster in boot time, more secure than their proprietary contemporaries and more reliable than the non-free firmware. Like standard BIOS options, Libre/Core offer many advanced features, like encrypted boot. Libre/Core De-blob and release custom patches to all open-source projects most listed on their home sites.

Now I will be from this point using Libreboot due to it being sponsored by the FSF and due to the wonderful amount of documentation on their site. Supported devices for Libreboot can be found here https://libreboot.org/docs/hardware/

I will mainly however be listing the Laptops from their site, as in my opinion Laptops are best means of being secure online due to their portability and affordability. I would recommend checking each model out on Ebay so you can see how cheap these devices can be, many range from $50.00 to $200.00 pending on condition and hardware options.

And though I dislike all Apple devices due to their own ethics, a couple are also supported.

Further reading if this is the path for you can be found here https://libreboot.org/