Copyright
©
2014
congatec
AG
TS87m13
120/124
11.7.1
Security Settings
Feature
Options
Description
Administrator Password
Enter password
Specifies the setup administrator password
HDD Security Configuration
List of all detected hard disks
supporting the security feature
set
Select device to open device security
configuration submenu
►
Secure Boot Menu
Submenu
11.7.1.1
BIOS Security Features
BIOS Password/ BIOS Write Protection
A BIOS password protects the BIOS setup program from unauthorized access. This ensures that end users cannot change the system configuration
without authorization. With an assigned BIOS password, the BIOS prompts the user for a password on a setup entry. If the password entered
is wrong, the BIOS setup program will not launch.
The congatec BIOS uses a SHA256 based encryption for the password, which is more secured than the original AMI encryption. The BIOS
password is case sensitive with a minimum of 3 characters and a maximum of 20 characters. Once a BIOS password has been assigned, the
BIOS activates the grayed out ‘BIOS Update and Write Protection’ option. If this option is set to ‘enabled’, only authorized users (users with the
correct password) can update the BIOS. To update the BIOS, use the congatec system utility cgutlcmd.exe with the following syntax:
CGUTLCMD BFLASH <BIOS file> /BP: <password> where <password> is the assigned BIOS password.
For more information about “Updating the BIOS” refer to the congatec system utility user’s guide, which is called CGUTLm1x.pdf and can be
found on the congatec AG website at www.congatec.com.
With the BIOS password protection and the BIOS update and write protection, the system configuration is completely secured. If the BIOS is
password protected, you cannot change the configuration of an end application without the correct password.
Note
Use cgutlcmd.exe version 1.5.3 or later.
Built in BIOS recovery is disabled in the congatec BIOS firmware to prevent the BIOS from updating itself due to the user pressing a special
key combination or a corrupt BIOS being detected. congatec considers such a recovery update a security risk because the BIOS internal
update process bypasses the implemented BIOS security explained above.