[SeaBIOS] Seabios password protection
Jean-Michel Pouré - GOOZE
jmpoure at gooze.eu
Fri Jun 6 08:41:17 CEST 2014
> It is expected projects like QEMU and coreboot
> will handle those tasks.
Seabios is also the BIOS of real computers, including the PC Engines
And probably the 'real' BIOS of many others.
> In a nutshell, there isn't really anything in SeaBIOS to password
> protect and so no reason for a password.
I am worried that SeaBIOS allows setting the priority of boot devices of
the PC Engines APU without restriction. This allows an attacker to boot
into any system using a USB sticks. Attacks with USB sticks are very
I have no idea what would solve this problem. A good password management
with password stored in SHA-512 for sure. Encryption of BIOS data would
also help. The interest of a password is that it will stop MOST
attackers, but I agree not all (you can always compile SeaBIOS and
replace it with a modified version).
Also, providing a password for a BIOS system is a requirement, when used
in governments and administrations. French authorities recommend setting
a BIOS password on any GNU/Linux computer. Even companies might be
obliged sooner or later to set a BIOS password, as this is part of their
contract with insurance companies.
Are there projects around to protect Seabios with password or
More information about the SeaBIOS