UEFI Firmware Password needed or not?

  • Question

  • I have BitLocker encryption enabled on my Windows drive. My question is, is a UEFI password needed to prevent changes to the UEFI settings?

    I never travel with my laptop, and I only use the laptop at home.

    I have BitLocker with TPM-Only.

    So even in case an attacker steals my laptop and tries to reset or clear the TPM settings, they will or should get the BitLocker Recovery prompt. My BitLocker keys are stored in a very secure location as well.

    I also have Secure Boot enabled, but Secure Boot has nothing to do with data locally stored on my hard drive because Secure Boot only checks if the boot codes are signed or not. Correct me if I am wrong.

    So, would my data still be secure without having to set a Firmware/UEFI password to prevent changes to the settings in the firmware?

    So, all I need is a Yes or No answer.

    Thanks in advance!

    Wednesday, September 26, 2018 5:26 AM

All replies

  • If you secure the BIOS with a password, it can still be accessed by resetting with different applications. If thieves remove the hard drive and put it into another computer, they have access to any files you have stored on it. In that case the BIOS password is useless.

    Encrypting the hard disk is just fine. A simple solution is to save any important documents to the cloud.


    S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Thursday, September 27, 2018 2:28 AM
  • Hi,

    No. Most people shouldn’t need to set a BIOS or UEFI password. If you’d like to protect your sensitive files, encrypting your hard drive is a better solution. Just like the BitLocker encryption you're using. Save your BitLocker key and recovery key safely.

    A TPM is a hardware component that uses its own internal firmware and logic circuits for processing instructions, thus shielding it from external software vulnerabilities. Attacking the TPM requires physical access to the computer.

    BIOS and UEFI passwords are particularly ideal for public or workplace computers. They allow you to restrict people from booting alternative operating systems on removable devices and prevent people from installing another operating system over the computer’s current operating system.

    Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 27, 2018 9:18 AM
    Moderator
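
Added example, not part of the thread and not written by any of the posters: a PowerShell check, run elevated on the laptop itself, that reports the settings the question describes (BitLocker key protectors, TPM state, Secure Boot). The helper name `Get-ProtectorFindings`, the `$Drive` default and the wording of the findings are assumptions made for this example.

```powershell
# Added example (constructed for this page). Run in an elevated PowerShell session.
$Drive = $env:SystemDrive   # assumption: BitLocker protects the OS volume

# Hypothetical helper: turns the collected state into plain findings.
function Get-ProtectorFindings {
    param(
        [string[]]$ProtectorTypes,
        [string]$ProtectionStatus,
        $SecureBoot,               # $true, $false, or $null when it could not be read
        [bool]$TpmReady
    )
    $findings = @()
    if ($ProtectionStatus -ne 'On') {
        $findings += 'BitLocker protection is not on for this volume.'
    }
    if (-not $TpmReady) {
        $findings += 'TPM is not reported as ready.'
    }
    if ($ProtectorTypes -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector on this volume.'
    }
    if ($ProtectorTypes -contains 'Tpm' -and $ProtectorTypes -notcontains 'TpmPin') {
        $findings += 'TPM-only protector: the volume unlocks at boot without a PIN or startup key.'
    }
    if ($SecureBoot -eq $false) {
        $findings += 'Secure Boot is disabled in firmware.'
    } elseif ($null -eq $SecureBoot) {
        $findings += 'Secure Boot state could not be read (legacy BIOS or not elevated).'
    }
    if ($findings.Count -eq 0) { $findings += 'No findings.' }
    return $findings
}

# Collect the live state with the built-in BitLocker, TPM and Secure Boot cmdlets.
$vol   = Get-BitLockerVolume -MountPoint $Drive
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$tpm   = Get-Tpm
# Confirm-SecureBootUEFI throws on non-UEFI systems or without elevation.
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop } catch { $secureBoot = $null }

Get-ProtectorFindings -ProtectorTypes $types `
                      -ProtectionStatus $vol.ProtectionStatus.ToString() `
                      -SecureBoot $secureBoot `
                      -TpmReady $tpm.TpmReady
```
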
  • Hi,

    Haven't received your message for a few days; was your issue resolved?
    I am proposing previous helpful replies as "Answered". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as an answer, which can help other community members who have the same questions find the helpful reply quickly.
    Best regards,
    Carl



    Sunday, September 30, 2018 4:11 AM
    Moderator