The BIOS configuration options provide extensive customization. In this video, you’ll learn about boot options, USB permissions,
During this video, we’re going to look at a number of different settings inside of our system BIOS. If you’d like to look at your own BIOS, you can launch it when the system starts up. Usually there is a function key or special key you push on your keyboard as your system is booting, and if your system recognizes that you’ve pushed that key, it will launch the BIOS setup program.
Very commonly, this key is the Delete key, the F1 key, or the F2 key, or it might be a combination of keystrokes such as Control-S or Control-Alt-S. Some desktop hypervisors also allow you to stop the VM from booting to go into the BIOS settings for that virtual machine. If you’re in Windows 10 or Windows 11, you can use Hyper-V for this, or you can use third-party hypervisors such as VMware Workstation. If you’re running macOS, you could run VMware Fusion.
And if you’d like to download either of those, you can go directly to the VMware website or you can use our link at professormesser.link/vmware to also go to that page. Unfortunately, if you’re using VirtualBox as your hypervisor, it does not support this virtual BIOS configuration, so you may want to use a hypervisor that does provide that functionality, or you may want to use an actual physical computer.
And a solution that doesn’t use any hypervisor or physical computer is to find a simulator of a BIOS online. There are many available. Simply search for UEFI BIOS simulator, and you’ll have many options to choose from. If you’re running Windows 10 or Windows 11, you may notice that when you start your computer, you don’t receive any prompts to push any special keys to start a BIOS. That’s because these versions of Windows don’t actually power all the way down when you turn your computer off.
This is because they use a feature known as fast startup. This means that your system only partially shuts down, so that when you turn it back on, it can start up that much faster. Unfortunately, this also means that it does not start the BIOS setup process, so there’s no opportunity to press the key and enter the BIOS configuration.
If you’d like to tell Windows to shut down completely so that you can then start this BIOS configuration, you can hold down the Shift key when clicking Restart, or you can choose Settings, Update and Security, Recovery, Advanced Startup, and Restart Now. You can also make temporary changes to this inside of the msconfig utility, which is the System Configuration utility in Windows. And if none of these options are available to you, one way that you can prevent fast startup from working is to interrupt the boot process three times in a row.
And if you do that, the fourth time through the boot process will begin from the very beginning. This may not be obvious when you’re restarting Windows, but if you’re someone who does need to make a BIOS change on a production system, you may find that you have to restart the system at least three times before you even have the option.
Before we get into the configurations of the BIOS, let me warn you that making a change to a BIOS could result in a system not booting or not being stable. For that reason, we recommend that if you’re making any changes to your BIOS configuration, that you document all of the changes that you made. One very easy way is to simply write down what the change might be, or if you have your phone with you, you might want to take a picture of the screen before you make that change.
It’s also a good idea to have an understanding of exactly what you’re changing in the BIOS. Most of the settings are relatively straightforward, but there are some configurations dealing with memory and CPU that may be difficult to understand, so it’s important that you don’t randomly make changes to these configurations, because it could cause problems with either the startup process or the ongoing reliability of the system. And as many of you know, I’m a big proponent of backups.
So if you are planning to make any changes to your BIOS, make sure that you have a backup of that configuration that you can always revert to. The BIOS is some of the first software that runs on your computer. When you hit the power button, the BIOS will take over and look at all of the configuration settings that you’ve made for this device. For example, you can disable hardware inside of the BIOS, and when you load your operating system, you’ll see that the operating system has no idea that that hardware exists.
That’s because the BIOS is that connection to the hardware, and if we disable that connection, your operating system has no idea how to access that hardware. The BIOS is also where you configure the boot order for your system. There are a lot of different ways that you could boot your system, and you probably have a number of different storage devices that you could boot from. You might have multiple SSDs inside of your system. You might have USB connections that you can plug in, and any one of those could be used as a boot device.
You have to configure your BIOS to tell it which device it will try to boot from first; if there’s no operating system on that drive, which one you’ll boot from second; if there’s no operating system on that drive, which you’ll boot from third; and so on. I’m using an emulated BIOS to demonstrate some of these capabilities, so if you see a number of unusual settings, such as an invalid serial number or a MAC address of all X’s, you’ll know why. Let’s look at the boot configuration on this particular system.
We’ll go to the option in our menu called Startup. And in our startup system, the very first option is the Primary Boot Sequence, which determines what sequence will be used when the system starts up. You can see there are a number of different drives inside of this virtual system. There’s a number of SATA drives. There’s an M.2 drive. You’ve got a network connection and USB drives, and you can use any of these as the boot sequence.
The BIOS allows us to select any of these available drives and move it up or down in this list to determine where it sits in the overall boot sequence. For example, if you have a USB drive that you’d like to boot from, you’ll need to move that up to the very top so that it’s one of the first drives accessed during the boot process. Or perhaps you’ve installed a new M.2 drive, and you may need to move that up higher in the sequence so that it becomes the first drive accessed during the boot process.
We mentioned earlier that the BIOS allows you to enable and disable different hardware, and a good example of that is the USB connections that you have on your computer. Those USB drives allow us to plug in storage devices, in some cases very large capacity storage devices, and some organizations have security teams that would like to restrict access to those USB storage devices.
This creates a bit of a balancing act, of course, because those USB drives are very convenient and very fast, especially if you need to move information from one system to another. Unfortunately, there have been cases where a USB drive could be used to cause problems on a network. A good example of this is in 2008, when the United States Department of Defense banned all USB flash drives on all of their systems, and it extended this ban for 15 months.
That’s because someone brought in a USB drive, plugged it into a Department of Defense computer, and it infected itself with the SillyFDC worm, which then infected all of the other systems in the Department of Defense network. For that reason, the system administrators at the Department of Defense went into the BIOS of their systems and disabled the USB drives.
In our BIOS, the USB configuration is under devices, and it’s the option that says USB setup. In here, you can enable or disable interfaces, change what type of support you’re enabling for those devices, change which exact port is enabled and which one is disabled, and make a number of different configuration options to the USB settings.
Many of our computers have cooling systems inside, primarily because it can get very warm inside of that computer case. The CPU puts off a lot of heat, and we need some way to get that heat out of your system and bring cool air in. Commonly, this is done with fans. We’ll often have fans right on top of our CPUs to cool them directly. We might also have fans on our case that are pulling cool air through the entire computer to not only cool the CPU, but everything else inside of that case.
Most motherboards have temperature sensors and integrated fan controllers on the motherboard itself, and those fan controllers are configured inside of your system BIOS. This allows your motherboard to constantly monitor the temperatures, and if it starts getting warm, it can spin those fans up a little bit faster to help cool off the entire system. You’ll notice on most modern motherboards that your fans are connecting directly to the motherboard itself, so that it can provide that cooling function.
You’ll notice this one is plugged in. It’s even marked CPU FAN1. In our BIOS, the fan controls are located under the power option, and it’s down under Intelligent Cooling. This computer supports a number of different cooling options. One is a best performance, which means it will run at the best possible cooling for that system. A best experience, which means it will minimize the amount of noise being made by the fans, and then a full speed, where all fans in the system are always running at full speed.
If your fan is running in a place that’s relatively quiet, you may want to use best experience, but if you’re in a data center, you might want to choose full speed. You can decide which option is best for you by making that change inside of your BIOS. Most of us probably have some type of antivirus or anti-malware that runs inside of our operating system, but we also need to protect against malware that could load into your system before the operating system starts.
One way to prevent any malware from starting up before your operating system, or even overriding your BIOS itself, is to use a feature known as Secure Boot. This is a new feature that was added with the UEFI specification, and you won’t find this inside of a legacy BIOS system. Secure Boot has a digital signature for every well-known operating system that you might use.
This means that it knows what the operating system should look like, and if malware makes any modification to that software, it will stop the boot process and prevent that malware from running. So if you’re trying to run a very old operating system on your computer, you may find that the Secure Boot feature doesn’t allow that operating system to run because it doesn’t have a digital signature for that particular software. In that case, you may need to disable Secure Boot so that you can start up that older software.
When you want to run the newer software, you’ll want to re-enable Secure Boot so that it will work properly with the modern operating system. Secure Boot checks not only the operating system that you’re running, but the BIOS itself. When you start your computer, the Secure Boot process looks at the BIOS configuration and determines what the manufacturer’s public key is for that particular system.
Secure Boot is not only protecting the operating system that you’re running, it also protects anyone from overwriting your BIOS. It does this by checking the public key for the manufacturer of your system, and it compares that with a digital signature on the BIOS update that you’re trying to install. If it notices that the digital signature cannot be confirmed with the public key, it will prevent any BIOS update from overwriting the current configuration.
Secure Boot also checks the bootloader that runs before your operating system starts. It does this by looking at the digital signature associated with the bootloader, and compares that to a trusted certificate on your system. If Secure Boot cannot confirm that your digital signature is valid, it will not start the operating system on our computer. The Secure Boot options are under security.
We’ll have to scroll down to find the Secure Boot options, and then we’ll choose the option for Secure Boot. Inside of this configuration are options to enable or disable Secure Boot, and then to manage the keys that are used to confirm those digital signatures. There are also a number of security features inside the BIOS that can either prevent the system from booting or prevent the system configuration from being changed. This is all done through password management in the BIOS itself.
If you’d like to prevent anyone from booting the system unless they have the right password, then you’ll want to enable a boot password. You’ll sometimes see this referred to as a user password. When your system starts up, it will prompt you for a password, and you must enter the password for that system to boot an operating system. This obviously will work regardless of what operating system you happen to be running on that computer. As a system administrator, you may want to make configuration changes to your system and prevent anyone from undoing those changes that you’ve made.
A good example of this is you may have disabled the USB connections on your computer for security reasons, and you don’t want someone to change that configuration and re-enable those USB connections. To be able to prevent this change, we would configure a supervisor password. You might also see this referred to as a BIOS password. This restricts anyone from starting the BIOS configuration unless they have the correct password. Both of these passwords are obviously important to remember.
If you don’t have the boot password, you can’t start the computer, and if you don’t have the supervisor password, you can’t make any changes to the BIOS. If you do find yourself without one of these passwords, then you’ll need to reset the BIOS configuration completely. You’ll want to check your motherboard manufacturer to determine what process is used to reset the BIOS for your system.
In our BIOS, those passwords are set in the security settings. We were already in the security settings when we were looking at the Secure Boot options, so we’ll back out of this. And if we scroll all the way to the top, you can see there are options for a supervisor password, a power-on password, and this system also supports other passwords as well. Our BIOS software and the BIOS configuration settings are both stored on the motherboard.
The BIOS software itself, what we sometimes refer to as the firmware, is stored in flash memory that is on the motherboard, and it’s flash memory so that we can upgrade that BIOS if we need to. The BIOS configuration settings are often stored in separate flash memory that is also on the motherboard. When working with the BIOS, you may run across references to CMOS. This is a complementary metal oxide semiconductor.
This is a type of memory that we used to use when we were working with the BIOS, but these days, most BIOS configurations are simply flash memory. Before the advent of flash memory, most of these configurations were stored in volatile memory on the motherboard itself, and all of those configurations were kept active with a battery that is on the motherboard.
These days, those BIOS configurations are stored in non-volatile flash memory on the motherboard, so they don’t need a battery backup or any type of power source to maintain that configuration. For that reason, if you need to reset the BIOS configuration, simply removing the battery is not going to do it. You very commonly use a reset process that needs physical access to the motherboard. You add a jumper to the motherboard, turn the computer back on, and it resets the BIOS.
For example, we have an Asus motherboard here. This is a Micro-ATX motherboard. And if you look very closely near the bottom of this motherboard, you’ll see a small chip. That’s the BIOS chip that is used to store the BIOS firmware. This motherboard allows you to reset the BIOS configuration using a jumper that’s located just to the right of the BIOS chip itself.
And you’ll notice that it’s marked CLRTC. On this motherboard, that stands for Clear Real-Time Clock RAM. We want to use a jumper on those two pins to be able to short that connection and turn the computer on to reset the BIOS config. This is what the pins look like on the motherboard. You can see it’s just a couple of copper pins sticking out of the motherboard, and we want to connect those pins together. To do that, we use a jumper.
It is one of these little plastic squares. And inside of this plastic square is a piece of metal that connects those two copper connections together. If you look closely at this image, you can see the bar going straight across. And if you push this jumper down onto those two pins, it connects those two copper pins together and you’ve shorted the connection. There are a remarkable number of temperature sensors on your motherboard. You’ll have sensors inside of your CPU, inside of the memory, and inside of other components that are on the motherboard itself.
For that reason, most BIOS configurations have an option for temperature monitoring, so you can start up the BIOS software to see what temperatures this system might be seeing. You can certainly use third-party software to be able to view these temperatures, but most BIOS software will also allow you to view that temperature information within the BIOS configuration itself. This allows you to monitor the temperature inside the hardware of the computer itself, without bringing in any other operating systems or other third-party software.
These temperature settings may be an essential monitoring tool, or it may be added to the hardware monitoring that you have on the system. For example, in this computer, the CPU itself is currently showing a 45 degree centigrade temperature. So if you’ve installed some new hardware and you want to be sure the system is cooling everything properly, you may want to look inside of your BIOS first before starting the operating system.
These days, we tend to use virtualization for many different uses, and there is hardware inside of your computer that can enhance the overall process of virtualization. This is enabled and disabled inside of the BIOS of your system. Most of this virtualization hardware is built into the CPU inside of your computer, so you’ll need to check the manufacturer’s specification to see what options might be available for your particular central processing unit. By enabling these virtualization capabilities in hardware, we can make the process more stable and much faster.
If you’re using an Intel CPU on your motherboard, you’ll want to look to see if you can enable the Intel Virtualization Technology, or VT. If this is an AMD motherboard, then you’ll want to enable AMD Virtualization or AMD-V. In our BIOS, we’ll find all of those virtualization options under the Advanced option, and we’ll choose the CPU Setup feature. And the first option at the top is AMD Secure Virtual Machine. And we can enable or disable that from inside of our UEFI BIOS.
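As an added example (not part of the original video), the Secure Boot setting described earlier can be confirmed from a running Linux system by reading the firmware's `SecureBoot` and `SetupMode` variables through efivarfs. The function names and the sample bytes are this example's own; the variable names, GUID, and 4-byte attribute header follow the UEFI specification and the Linux efivarfs layout.

```python
from __future__ import annotations

import struct
from pathlib import Path

# GUID of the UEFI global-variable namespace (defined by the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032c8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point

# Constructed sample: attributes 0x6 (boot-service + runtime access), value 1.
SAMPLE_ENABLED = bytes.fromhex("0600000001")


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs file into (attributes, payload).

    efivarfs prefixes every variable with a 4-byte little-endian attribute mask.
    """
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def flag(raw: bytes | None) -> bool | None:
    """Return the boolean value of a 1-byte UEFI variable, or None if absent."""
    if raw is None:
        return None
    _, data = parse_efivar(raw)
    if len(data) != 1 or data[0] not in (0, 1):
        raise ValueError(f"unexpected payload {data!r}")
    return data[0] == 1


def secure_boot_state(secure_boot: bytes | None, setup_mode: bytes | None) -> str:
    """Classify the firmware state from the SecureBoot and SetupMode variables."""
    sb, setup = flag(secure_boot), flag(setup_mode)
    if sb is None:
        return "unknown"      # legacy BIOS boot, or efivarfs not mounted
    if setup:
        return "setup-mode"   # no Platform Key enrolled; signatures are not enforced
    return "enabled" if sb else "disabled"


def read_var(name: str, root: Path = EFIVARS) -> bytes | None:
    """Read one global UEFI variable; None when it is absent or unreadable."""
    try:
        return (root / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None


if __name__ == "__main__":
    print("constructed sample:", secure_boot_state(SAMPLE_ENABLED, None))
    print("this machine:", secure_boot_state(read_var("SecureBoot"), read_var("SetupMode")))
```

A result of `unknown` on a machine that is expected to use UEFI usually means it was booted in legacy mode, in which case Secure Boot cannot be active.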