No, they can’t. The BIOS prompts the user to confirm the change on reboot. If the change is not confirmed, it doesn’t happen.
The problem is that I have not yet met a single human who enables a BIOS password. An attacker can simply boot the BIOS and disable it.
frongt@lemmy.zip 3 days ago
NuXCOM_90Percent@lemmy.zip 3 days ago
First, Yo. Doesn’t even need to be a good password.
Second, what you are describing is something very different. Outside of very rare situations (most of which are theoretical or specifically targeting a specific system by a state-level actor), to be able to “boot the BIOS and disable it” would generally mean the machine is already VERY compromised or the bad actor has physical access to the machine.
A good way of thinking of it is that secure boot isn’t the lock on the door. It is the peephole that you look through to make sure that the person with your pizzas is from Georgio’s AND you actually ordered pizza. Rather than just opening the door because “Yo, free food”.
On its own? It doesn’t do much. But it goes a LONG way towards improving security when combined with other tools/practices.
cadekat@pawb.social 3 days ago
Hi, I’m cadekat, and I have a BIOS password and custom keys in my secure boot. Pleasure to meet you :3
pathief@lemmy.world 3 days ago
I admire you, friend!