Bios password and tpm..

Discussion in 'Fujitsu' started by Markokk888, Jun 26, 2018.

  1. Markokk888

    Markokk888 Newbie

    Reputations:
    0
    Messages:
    5
    Likes Received:
    3
    Trophy Points:
    6
    I have a S7110 laptop with a tpm and with pre boot bios password and i wonder if its possible to clear the bios password by removing the cmos battery or using the jumpers and boot directly to the os ? or when i do that the tpm also will be cleared ? there is also a master password so i wonder whats is the point of using the tpm if its so easily accessible ?

    if anyone will use master password or clear the bios password and the data on the tpm will remain anyone will have access to all my data and will able easily boot to the os so whats the point of having tpm then ?
     
  2. t456

    t456 1977-09-05, 12:56:00 UTC Moderator

    Reputations:
    1,267
    Messages:
    2,312
    Likes Received:
    1,548
    Trophy Points:
    181
    Firmware 'integrity', but it won't help protect your data. And a simple cmos reset won't clear the bios pw, but that too isn't that hard to do. Mind that we can't discuss the nitty-gritty of those methods on this forum, per The Rules, but suffice to say; don't rely on either 'security' method to protect your data.

    Disk encryption is what you should look at, anything else is just a waste of time. And that's mostly the user's, considering the number of times you're typing useless passwords ... but maybe a little less if you're using a firmware-programmable mouse :vbsmile: .
     
  3. Markokk888

    Markokk888 Newbie

    Reputations:
    0
    Messages:
    5
    Likes Received:
    3
    Trophy Points:
    6
    im using bitlocker the entire drive is encrypted with tpm and of top of that bios boot password. i'm not locked out. I'm just trying to understand how secure the laptop will be if anyone stole it.Because if the bios password will be bypassed somehow the tpm will tell the encryption keys to the os and os will boot without a problem, so is it secure ? Or should i avoid the tpm instead ?

    The real question is if someone gonna reset the bios to defaults by removing the cmos battery or entering the master password or some other way is tpm chip will be reseted to ? Or it still gonna hold the encryption keys ? If yes and the bios will no longer have any password then tpm will simply let the os to bootup without any problems. Or im wrong here ?
     
  4. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    293
    Messages:
    2,475
    Likes Received:
    1,047
    Trophy Points:
    181
    @Markokk888 AFAIK Bitlocker can be bypassed if your laptop is stolen while on/sleeping, otherwise you're pretty safe; hacking TPM is not realistic unless your TPM model was compromised (e.g. Infineon) and firmware wasn't updated.
     
  5. Markokk888

    Markokk888 Newbie

    Reputations:
    0
    Messages:
    5
    Likes Received:
    3
    Trophy Points:
    6
    Well my tpm version is 1.2 is it safe ? Its older model.
    Also i wonder how to correctly update the tpm chip software is it in firmware or in driver level ?
     
    Last edited: Jun 27, 2018
  6. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    293
    Messages:
    2,475
    Likes Received:
    1,047
    Trophy Points:
    181
    @Markokk888 there definitely are no TPM updates for your machine on Fujitsu website, so you're probably safe on the TPM side. Check TPM's hardware ID and google it, to be sure.

    p.s. your machine is vulnerable to Spectre attacks anyway and won't receive mitigations due to CPU being too old, it is not by any means secure in the long run, get a newer machine from a reputable business line if you care about security.
     
  7. Markokk888

    Markokk888 Newbie

    Reputations:
    0
    Messages:
    5
    Likes Received:
    3
    Trophy Points:
    6
    That laptop is just for playing with older hardware it's just for fun, nothing serious. There is no known active spectre attacks in the wild so i don't worry too much. I also have a desktop machine from 2016 its only 2 years old and the manufacturer is too lazy to integrate a microcode and release a new bios update.. if i worry to much about things i can't change i just gonna go crazy.. so whatever.

    Anyway thanks you all for the support and information i really appreciate it.
     
    Vasudev and Starlight5 like this.
  8. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    293
    Messages:
    2,475
    Likes Received:
    1,047
    Trophy Points:
    181
    @Markokk888 I have the same situation with my Windows tablet - but it's even newer, the model was released in November. Only use it as wireless second monitor and for reading in direct sunlight (the screen is exceptionally bright, yet it lasts longer on max brightness than my convertible laptop) - and that's all, no other tasks until its BIOS is patched - if ever.
     
    Vasudev likes this.
  9. Markokk888

    Markokk888 Newbie

    Reputations:
    0
    Messages:
    5
    Likes Received:
    3
    Trophy Points:
    6
    Use it in full power and don't worry that much there is no known active spectre attacks or you can simply request a refund because of this. all this meltdown and spectre nonsense is just ridiculous and get's on everyone's nerves.
    Because all of this it makes no differences to use newer or older hardware what can you do in a times like this is to wait or get a hardware that is already patched or patch are available. And if so its still not clear how many variants of this vulnerability will pop up in a future and if the hardware will ever get a new patch in a coming years. So fearing and waiting for some kinda invisible ghost to catch you is not practical if it ever happens anyways even on older hardware.. the future of all this is not clear so i'm against buying something new in a time like this.
     
    Last edited: Jun 27, 2018
    Vasudev likes this.
  10. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Reputations:
    293
    Messages:
    2,475
    Likes Received:
    1,047
    Trophy Points:
    181
    @Markokk888 sadly can't take the risks. My main laptop gets BIOS updates to mitigate arising security vulnerabilites all the time, in comparison.
     
    Vasudev likes this.
Loading...

Share This Page