0

I have a Dell PowerEdge T350 server. I enabled TPM and Secure Boot as well. For these I needed to specify a BIOS password (which I would have done anyway). What startles me is that the server keeps asking for a BIOS password at every freakin boot, even when I don't want to enter the BIOS (most of the time I don't want to). I expect to be prompted for a BIOS password only when I want to actually enter the BIOS. Not every time.

I don't see right away which BIOS settings control that, and I tried various search phrases, but I only get to articles which tell me how to set a password in the BIOS. The server itself is pretty "standard": one OS (Windows Server 2022), UEFI BIOS, I haven't changed much in the BIOS besides TPM and Secure Boot, apart from also enabling SGX under the TPM.

Related Dell community forum entry


Csaba Toth
  • what are the available options for secure boot policy and secure boot mode – Jaromanda X Apr 26 '23 at 01:28
  • @JaromandaX Secure Boot Policy: Standard / Custom. When I switch to custom via iDRAC nothing extra happens on the web GUI (since I'm not physically sitting at the console I don't see the BIOS's help or how it reacts). Secure Boot Mode: User Mode / Audit Mode / Deployed Mode – Csaba Toth Apr 26 '23 at 01:36

2 Answers

1

I'm almost sure that it's gonna be what @DELL-Joey C pointed out in the Dell forums: I'm almost certain that I set the system BIOS password, whereas what I want is to set the BIOS setup password - that would be the one which is only prompted if I'd want to enter the BIOS. The system password is prompted all the time.

Now I just have to figure out how to clear the system BIOS password through the iDRAC web GUI. I clear the SHA and the salt fields but they keep popping back after I Apply my changes.


Update: I was not able to clear the system password via iDRAC web. However, sitting at the console physically, we were able to set the setup password and then clear the system password (without turning off Secure Boot or TPM). Problem solved.

Csaba Toth
  • This may not be possible to clear via the iDRAC web. Another thing to figure out: is it even possible to not have a system password when the Secure Boot is turned on. If I recall correctly when I turned Secure Boot on I was forced to specify a password. – Csaba Toth Apr 27 '23 at 18:47
  • I highlighted the most important keywords (type of passwords) – Csaba Toth May 02 '23 at 00:10
0

The BIOS password is in fact a BIOS POST password; the password is stored directly on the BIOS chip. Since it relies on POST and also controls the system initialization, it will ask for the password every time the POST procedure happens. If you want to continue to use this password, you need to input it in order to boot your system.

https://wiki.archlinux.org/title/security#Locking_down_BIOS

https://www.techtarget.com/searchenterprisedesktop/definition/BIOS-password

Arrow Root
  • This is generic and not applicable to my case – Csaba Toth Apr 27 '23 at 06:59
  • It is exactly your case, you are using a BIOS password, not a BIOS setup password. If you want to continue to use it, you'll be prompted to input password each time the system boots. – Arrow Root Apr 27 '23 at 12:26
  • Both the system and the setup passwords are BIOS passwords. You didn't mention system or setup passwords, just quoted some generic stuff I also found with my searches, it didn't help – Csaba Toth Apr 28 '23 at 15:55
  • Do you understand the password you set is stored in a place that relies on the POST process? Do you understand that since your password relies on POST, every time you reboot your system it will ask for the password you set? – Arrow Root May 01 '23 at 12:20
  • Have you actually read the solution? I think you are in a write-only mode. Please take just 30 seconds to read the marked answer. With that solution the system is now booting without asking for a password (surprise), and only asks for it if I'd want to actually enter the BIOS. The BIOS does not always have to ask for a password, it depends on the BIOS type and which password you set exactly. – Csaba Toth May 02 '23 at 00:05
  • I highlighted the keywords which led me to the answer. – Csaba Toth May 02 '23 at 00:10
  • I didn't figure out that the answer is a solution, because it isn't marked as one, so I just didn't read it. My bad. I'm happy you were able to solve it. – Arrow Root May 02 '23 at 12:02