NORCROSS, GEORGIA: – American Megatrends International LLC (AMI), a global leader in BIOS and UEFI firmware, server and remote management tools, data storage products and unique solutions based on the Linux® and Android™ operating systems, is pleased to announce support for BIOS passwords to be stored in the TPM NVRAM via new Aptio® V UEFI Firmware eModule.
System security is typically considered in terms of layers of security. Most end-users have a password or pin to gain access into their operating system. This is considered the most basic form of system protection. This type of protection does not stop a malicious user from booting the system using another operating system loaded onto an external storage device; such as a USB stick.
BIOS passwords offer a stronger layer of system protection. Having a BIOS password along with a proper Boot Order setting, offers superior protection as it can raise the barrier against a malicious user from booting the system from external storage devices. However, it does not stop them from physically opening the system and resetting the BIOS to its default settings. If the BIOS password is disabled by default, then the system can be infiltrated.
Additionally, as more individuals begin to experiment with defeating BIOS passwords, the traditional method of storing the BIOS password weakens. BIOS passwords are not stored in plain text. They are hashed and stored in system NVRAM. This method is easy for system manufacturers to implement and offers a good level of security because passwords are not saved in the clear. However, anyone can read system NVRAM and an attacker can easily employ a Dictionary Attack, which is simply attempting to guess the password until a match is found.
AMI raises the barrier higher with a drastically different approach not traditionally seen when it comes to BIOS password integrity. AMI has invested two years developing and testing, storing the BIOS password in the NVRAM of the TPM. The TPM has inherent characteristic that counter attempts to gain access to its NVRAM. Malicious user cannot search NVRAM for the BIOS password hash. Continuous read of TPM NVRAM with the wrong password will trigger a dictionary attack defense mechanism that will intentionally and steadily slow down an attack.
As an added benefit of storing BIOS passwords in the TPM NVRAM, BIOS passwords are preserved even after a BIOS firmware flash and hardware reset. A USB recovery key can be created during password creation that can be used to recover system if password is lost or forgotten.
AMI will begin offering this method of storing BIOS passwords immediately with the introduction of a new BIOS eModule called TpmPassword. Please contact your AMI sales representative for more information on the prerequisites and how to license it for Intel platforms, AMD platforms, and Arm-based platforms.
Founded in 1985 and known worldwide for AMIBIOS®, American Megatrends International LLC (AMI) supplies state-of-the-art hardware, software and utilities to top-tier manufacturers of desktop, server, mobile and embedded systems for both X86 and ARM based platforms. AMI’s industry leading Aptio® V UEFI BIOS firmware, MegaRAC® remote server management tools and solutions based on the popular Windows, Android™ and Linux® operating systems continue to garner industry acclaim and awards around the world. In line with the diversity of its technology and product line, AMI is a member of a number of industry associations and standards groups, such as the Unified EFI Forum (UEFI), the Intel® Internet of Things Solutions Alliance and the Trusted Computing Group (TCG). Headquartered in Norcross, Georgia, AMI has locations in the U.S., China, Germany, India, Japan, Korea, Taiwan and Hong Kong to better serve its customers.
For more information on AMI, its products or services, call 1-800-U-BUY-AMI or visit ami.com.
Statement of Liability: © 2019 American Megatrends International LLC Product specifications are subject to change without notice. Products mentioned may be trademarks or registered trademarks of their respective companies. All rights reserved. No warranties are made, either express or implied, with regard to the contents of this work, its merchantability or fitness for a particular use. This publication contains proprietary information, which is protected by copyright. American Megatrends reserves the right to update, change and/or modify this product at anytime.
*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://trustedcomputinggroup.org/american-megatrends-supports-bios-passwords-to-be-stored-in-the-tpm-nvram-via-new-aptio-v-uefi-firmware-emodule/