Parth Shukla


Access to a computer's hardware settings, boot sequence, and settings related to certain hardware/software functionality is protected by an access password for the Basic Input/Output Services (BIOS). While a simple and memorable password can help mitigate the risk of password loss, it provides weaker security, especially if the password is reused across multiple machines in a large fleet. This disclosure describes techniques for automated, decentralized management of machine-specific BIOS passwords using a centrally managed policy file that each machine fetches to determine whether its current BIOS password is to be rekeyed. If a BIOS password change is required, the BIOS password for the machine is generated and stored locally, and then stored in a central repository. The password change operation on each machine is organized into sub-processes arranged in a strict sequence, such that any sub-process can begin only after the previous one and cannot be executed again until the entire chain has finished. A syncer function is executed at the end of each sub-process to update the execution state on the local disk prior to initiation of the next sub-process. The decentralized operation is interruptible at any stage and provides operational flexibility and scale without the risk of password loss.
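The following added example (not code from the disclosure) shows the strictly ordered, interruptible chain described above, with a syncer persisting execution state to disk after each sub-process. The step names, the `rekey_generation` policy field, the JSON state file, and the in-memory stand-ins for the central repository and the firmware are all assumptions made for illustration.

```python
import json, os, secrets, tempfile

# Hypothetical sub-process names; local storage of the new password is the sync after "generate".
STEPS = ("generate", "escrow_central", "apply_bios")

def sync(path, state):
    """Syncer: atomically persist execution state before the next sub-process starts."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created with mode 0600
    with os.fdopen(fd, "w") as f:
        json.dump(state, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # atomic rename: a crash leaves the old or the new state, never half

def load(path):
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        return {"done_gen": 0, "target_gen": None, "next": 0, "password": None}

def make_handlers(central, bios, machine_id):
    """Constructed in-memory stand-ins for the central repository and the firmware."""
    def generate(state):
        state["password"] = secrets.token_urlsafe(18)
    def escrow_central(state):
        central[machine_id] = state["password"]
    def apply_bios(state):
        bios["password"] = state["password"]
    return {"generate": generate, "escrow_central": escrow_central, "apply_bios": apply_bios}

def run_rekey(path, policy, handlers, fail_at=None):
    """Start or resume the chain; fail_at simulates an interruption before that step."""
    state = load(path)
    if state["target_gen"] is None:  # no chain in flight: consult the fetched policy
        if policy["rekey_generation"] <= state["done_gen"]:
            return "up-to-date"
        state.update(target_gen=policy["rekey_generation"], next=0, password=None)
        sync(path, state)
    while state["next"] < len(STEPS):  # strict order; finished steps never rerun mid-chain
        step = STEPS[state["next"]]
        if step == fail_at:
            return "interrupted"
        handlers[step](state)  # must be idempotent: a crash before sync repeats the step
        state["next"] += 1
        sync(path, state)
    # Assumption: the pending local copy is cleared once escrowed and applied.
    state.update(done_gen=state["target_gen"], target_gen=None, next=0, password=None)
    sync(path, state)
    return "rekeyed"
```

Escrowing to the central repository before applying the password to the firmware is the ordering assumed here, so that an interruption at any point never leaves a machine with a password that exists nowhere else.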

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.