Page 1 of 1
X230 BIOS Security Recommended Settings
Posted: Thu Mar 19, 2015 4:39 pm
by c3l3x
What are the recommended BIOS settings to secure a ThinkPad X230?
I've searched online and on the forums but I don't see a guide and the documentation I've read on the BIOS settings are cryptic.
My X230 has the latest BIOS. I'm running Windows 8.1 x64 with Bitlocker. What settings should I enable/disable, etc. to make the system as secure as possible?
Thanks!
Re: X230 BIOS Security Recommended Settings
Posted: Thu Mar 19, 2015 5:07 pm
by rkawakami
Welcome to thinkpads.com!
Thinkpad BIOS security comes in three basic flavors:
- Power-on password; prompts you each time the system is powered up. This is the least secure roadblock as it's easily removed (just read the description in the Hardware Maintenance Manual).
- BIOS (aka Supervisor) password; prompts you each time you attempt to access the BIOS. This can result in the common "bricking system" situation. If you have set both the power-on and BIOS password, removing the power-on password will automatically lock the system so that you will need to provide the BIOS password upon the next boot. If you don't know the BIOS password, the system will not boot anything. As with most computer security systems, this one can be circumvented but it requires some effort. Password is stored on the motherboard and the factory-recommended fix is to replace the motherboard.
- Hard drive password; prompts you each time the system is accessed from a boot or exit-from-hibernation event. This is the most secure system for protecting your data as it requires the correct password before the system even gets to the Windows login. Password goes with the drive so moving it to another system does not good.
As with any password-based system, your security is only as good as the strength of your selected passwords. DO NOT use the same password for all three locks. If your goal is to make it as hard as possible for somebody to steal/access the data on your drive, then I'd set all three. It can be a hassle if you are constantly booting the system but it's the most secure. Note that in "normal" operation (simply powering up or booting), if all three passwords are set, then you only need to enter two: power-on and HD password. The BIOS password will not be required and in fact, you won't even know it's been set as long as you don't try accessing the BIOS menu.