BIOS/UEFI

Question 1

BIOS (Basic Input Output System):

Answer 1

A program stored in ROM that initializes hardware and manages data flow between the operating system (OS) and hardware.
Performs the Power-On Self-Test (POST) to check hardware functionality.
Stored settings are saved in CMOS (Complementary Metal Oxide Semiconductor).
Can be updated via a process called flashing.

Question 2

UEFI (Unified Extensible Firmware Interface):

Answer 2

Modern replacement for traditional BIOS with enhanced features.

Supports graphical interfaces and mouse input.

Advantages over BIOS:
- 64-bit support.
-Larger storage support (up to 9.4 zettabytes).
- Faster boot times.
- Supports GPT (GUID Partition Table) for larger drives.
- Better diagnostic tools and functionality.

Question 3

POST (Power-On Self-Test):

Answer 3

A diagnostic sequence verifying essential hardware like RAM, disk drives, and input/output devices.
Errors can halt the boot process and may produce beep codes indicating the issue.

Question 4

Boot Process and Order:

Answer 4

BIOS/UEFI reads the configured boot order to locate an OS.
Boot devices include:
Hard disk drives (HDDs) and solid-state drives (SSDs).
Optical drives (CD/DVD/Blu-ray).
USB drives.
Network adapters (via PXE).

Question 5

Flashing:

Answer 5

Process to update BIOS/UEFI firmware for security patches and feature enhancements.

Question 6

BIOS and UEFI Security Features:

Answer 6

Passwords for BIOS/UEFI:

Secure Boot:

USB Port Restrictions:

Comparison of BIOS and UEFI:

Question 7

Passwords for BIOS/UEFI:

Answer 7

Supervisor/Administrator/Setup Password: Protects access to BIOS/UEFI configuration settings. Common in corporate environments.
User/System Password: Locks access to the entire computer during boot. Typically used for personal computers.
Storage/Hard Drive Password: Secures access to specific drives. Less common due to TPM and HSM integration.

Question 8

Secure Boot:

Answer 8

• Supported only by UEFI, not BIOS.
• Verifies the integrity of UEFI executables, OS loader, and boot-critical drivers during the boot process.
• Prevents loading of malicious code, such as rootkits.

Question 9

Comparison of BIOS and UEFI:

Answer 9

BIOS: Legacy firmware, uses MBR for boot information.
UEFI: Modern firmware with advanced security features, supports GPT for larger drives.

Question 10

Hardware Root of Trust (ROT):

Answer 10

• Foundation for secure computing operations.
• Embedded cryptographic module ensures boot settings and metrics are trusted.
• Includes keys for cryptographic functions to support a secure boot process.

Question 11

Trusted Platform Module (TPM):

Answer 11

A hardware root of trust integrated into a system’s firmware.

Functions:

Ensures bootloader and OS kernel are not tampered with.

Stores encryption keys, digital certificates, password hashes.

Includes cryptographic capabilities:
- Random number generator.
- RSA key generator.
- SHA-1 hash generator.
- Encryption and decryption engine.

Used for full disk encryption (e.g., BitLocker).

Components:
- Endorsement Key (EK): Unique, hard-coded key.
- Storage Root Key (SRK): Secures stored data.
- Platform Configuration Registers (PCRs):Records system state.
- Attestation Identity Keys (AIKs): Used for trusted reporting.

Manageable via UEFI settings or OS tools (e.g., tpm.msc in Windows).

Question 12

Hardware Security Module (HSM):

Answer 12

Appliance for securely generating and storing cryptographic keys.

Reduces risk of tampering and insider threats.

Form factors:
- Internal cards.
- Rack-mounted systems.
- IoT devices.
- USB-like devices with embedded keys.

Applications:
- Encryption/decryption of data.
- Secure access to storage devices.

Question 13

Comparison of TPM and HSM:

Answer 13

TPM
- Purpose: Secure boot, disk encryption
- Integration: Embedded in firmware
- Form Factor: Chip on motherboard
- Key Management: Endorsement Key, SRK, A
HSM
- Purpose: Key generation and storage
- Integration: External or internal appliance
- Form Factor: Rack-mounted, USB-like, etc.
- Key Management: Encrypted storage keys

Question 14

BIOS/UEFI Cooling Configuration:

Answer 14

The process of controlling and customizing fan behavior through the BIOS/UEFI interface.

Question 15

BIOS Configuration

Answer 15

1. Language Selection:
2. System Summary:
3. Setup Modes:
4. Devices Configuration:
5. Advanced Settings:
6. Power Settings:
7. Security Settings:
8. Boot Options:
9. Save or Reset Settings:

Question 16

Language Selection:

Answer 16

Option to select the BIOS language (e.g., English, French).

Question 17

System Summary:

Answer 17

Displays system details:
CPU type, speed, and cores.
Installed memory size and bus speed.
Enabled/disabled devices (e.g., SATA drives, optical drives).

Question 18

Setup Modes:

Answer 18

Text Mode: Minimal visual interface.
Graphic Mode: For systems that support graphical BIOS.

Question 19

Devices Configuration:

Answer 19

Manage audio, video, network, USB, SATA, and Thunderbolt settings.
USB-specific configurations:
Disable all USB ports for maximum security.
Disable USB mass storage devices while allowing peripherals like keyboards and mice.

Question 20

Advanced Settings:

Answer 20

ACPI Settings:
Configure hibernation and sleep modes.
Adjust power button behavior (e.g., suspend to RAM).

CPU Configuration:
Enable/disable specific CPU cores.
Configure hyper-threading to improve performance.

Memory Configuration:
Support for ECC (Error-Correcting Code) memory.
Configure memory types (UDIMM vs. RDIMM).
Adjust memory channel modes (single, dual, triple, quad).

Question 21

Power Settings:

Answer 21

Adjust fan speeds:
Quiet Mode: Lower fan speed, higher temperatures.
Cool Mode: Higher fan speed, lower temperatures.
Balanced Mode: Moderate fan speed and temperature control.

Question 22

Security Settings:

Answer 22

Administrator Password: Restricts access to BIOS settings.
Power-On Password: Prevents unauthorized system boot.
Hard Disk Password: Secures specific drives.

Question 23

Boot Options:

Answer 23

Configure boot mode (Legacy or UEFI).
Adjust boot device priority (e.g., USB drives, SATA devices, network boot).
Disable boot options to secure the system.

Question 24

Save or Reset Settings:

Answer 24

• Use F10 to save changes and reboot.
• Use F9 to reset to factory defaults.

Question 25

UEFI Configuration

Answer 25

1. Accessing UEFI:
2. Key UEFI Features:
3. Advanced UEFI Settings:
4. Boot Options:
5. Security Settings:
6. Hardware Monitoring:

Question 26

Accessing UEFI:

Answer 26

Access UEFI by pressing a specific key (e.g., Delete, F2) during boot.
UEFI is a graphical interface that offers advanced configuration options compared to traditional BIOS.

Question 27

Key UEFI Features:

Answer 27

Settings: Basic system configuration (date, time, storage, etc.).
Overclocking Settings: Adjust CPU and memory performance at the risk of higher heat and potential hardware damage.
MFlash: Tool to flash the UEFI with updates for security, bug fixes, or new features.
OC Profile: Save and load specific UEFI configurations.
Hardware Monitor: Display system temperatures, fan speeds, and voltages.
Board Explorer: Visual representation of the motherboard showing connected components.

Question 28

Advanced UEFI Settings:

Answer 28

USB Configuration:
Legacy USB Support: Allows USB 3.0 ports to support older USB 1.0 and 2.0 devices but limits overall speed.
Integrated Peripherals:
Manage onboard devices like Wi-Fi and audio.
Configure SATA settings (e.g., AHCI mode, hot-plugging).
Overclocking:
Adjust CPU and memory speeds beyond their default ratings, risking instability and warranty voids.
Chassis Intrusion Detection:
Monitors and logs unauthorized case openings.

Question 29

Boot Options:

Answer 29

Configure boot priorities for hard drives, USB devices, network boot, etc.
Disable unused boot devices for security.

Question 30

Security Settings:

Answer 30

Administrator Password: Restricts access to UEFI settings.
User Password: Controls boot access.
U-Key: Creates a secure USB-based digital key for system access.
Trusted Computing: Configures TPM (Trusted Platform Module) for secure boot and encryption.

Question 31

Hardware Monitoring:

Answer 31

Displays real-time CPU, chipset, and system temperatures.
Shows fan speeds and voltage levels for critical components

Question 32

Key Differences of BIOS and UEFI

Answer 32

Interface: BIOS uses a simple text-based menu; UEFI offers a modern, graphical interface with mouse support.

Security: UEFI provides Secure Boot, Trusted Platform Module (TPM) integration, and chassis intrusion detection, enhancing system protection. BIOS lacks these advanced security features.

Storage and Boot: BIOS supports only MBR with a 2.2 TB limit per drive. UEFI supports GPT, enabling much larger drives and better scalability.

Customization and Monitoring: UEFI includes advanced customization options (e.g., overclocking profiles, fan controls) and detailed hardware monitoring, which are either limited or unavailable in BIOS.

Performance: UEFI has faster boot times due to its ability to initialize hardware more efficiently than BIOS.