• 0 Posts
  • 22 Comments
Joined 2 years ago
cake
Cake day: June 13th, 2023

help-circle







  • If you restore the BIOS to the default settings using the button on the left-most side in the BIOS, and then setup an Administrator password in the Security tab, you’d be able to verify yourself by using a Ventoy flash drive if you want.

    Also I feel is important to mention that your BIOS password for that one model of XPS you have can be reset by generating a master key, so I really recommend turning on an option that I cannot remember the name of from the tip of my tongue, but it disables the “master password”, with the disadvantage that if you forget your BIOS password you’d have to replace the motherboard. If I find the name I’ll link it right here.

    Edit1: The option is called Master Password Lockout.

    Edit2: Is worth noting also that resetting the BIOS to default settings and erasing your secure boot keys might render your system unbootable if you use Windows BitLocker.


  • Yeah, unfortunately the default state is always to allow enrollment of keys. Think about the thousands of enterprise devices which just got a BIOS password from the IT Dept. And the only change they made to the BIOS was the PXE Boot as a first option. As long as they never disable booting from the USB devices, it will enroll the keys. HP even allows you to get to the Boot Menu and sort of a pre-BIOS menu in the newer devices still with a BIOS password and lock set up. And I have first hand witnessed way too many to count instances where that is the case.

    No matter what vendor, HP, Dell or Lenovo (the 3 main ones used in the enterprise world) allow the enrollment of keys by default, with a locked BIOS by default.

    Source: I’m the sysAdmin at a R2 recycler and regularly get thousands of laptops to play with.