The BIOS might support many different security features to protect BIOS settings and data on the hard drive, and also help recover the computer if it is stolen. There are several common security features found in the BIOS.
BIOS passwords - Passwords allow different levels of access to the BIOS settings, as shown in the figure.
- Supervisor Password - This password can access all user-access passwords and all BIOS screens and settings.
- User Password - This password becomes available after the Supervisor Password is enabled. Use this password to define the level of access to users.
These are some common levels of user access:
- Full Access - All screens and settings are available, except the supervisor password setting.
- Limited - Changes can be made to certain settings only, for example, the time and date.
- View Only - All screens are available, but no settings can be changed.
- No Access - No access is provided to the BIOS setup utility.
Drive encryption - A hard drive can be encrypted to prevent data theft. Encrypting changes the data into code that cannot be understood. Without the correct password, the computer does not boot, and the computer cannot decrypt the data. Even if the hard drive is placed in another computer, the encrypted data remains encrypted.
Trusted Platform Module - The TPM chip contains security items, such as encryption keys and passwords.
Lojack - This is a two-part system for protecting computers from Absolute Software. The first part is a program called the Persistence Module that is installed in the BIOS by the manufacturer. The second part is a program called the Application Agent that is installed by the user. When the Application Agent is installed, the Persistence Module is activated. The Persistence Module installs the Application Agent if it is removed from the computer. The Persistence Module cannot be turned off after it is activated. The Application Agent calls the Absolute Monitoring Center over the Internet to report device information and location on a set schedule. If the computer is stolen, the owner can contact Absolute Software and perform the following functions:
- Lock the computer remotely.
- Display a message so that a lost computer can be returned to the owner.
- Delete sensitive data on the computer.
- Locate the computer using geotechnology.