I was helping a friend replacing the battery and thermal paste on his System 76 laptop. Never own one before but I notice it runs a special BIOS version, Coreboot. It turns out there are Coreboot and Lireboot. .These help to boot really fast though.

Anyway, I notice there are no password BIOS lock like on Lenovo. How would this protect against someone plug a USB in and just wipe my drive? On Lenovo you can set a supervisor / boot passwords, and you can remove USB drives from the boot list.

  • fuckwit_mcbumcrumble@lemmy.dbzer0.com
    16·
    14 hours ago

    It’s apparently not at all a priority for the devs. They don’t seem to care if your laptop is stolen and the drive is wiped.

    Data exfiltration was their only concern and drive encryption solves that.

    • redsand@infosec.pub
      1·
      2 hours ago

      I can pull and wipe the drive in any laptop in 1-10min. Even in high end corporate almost no one sets a BIOS password, the few that do are doing it more to keep users out of those settings than as security. And even if you set it the on a lenovo, dell, hp, etc… There’s usually a manufactur password or pins you can short to reset it.

    • kkj@lemmy.dbzer0.comEnglish
      3·
      6 hours ago

      They don’t seem to care if your laptop is stolen and the drive is wiped.

      Even if they did care, what could they do about it? The thief could remove the drive and wipe it with their own computer, or even just physically destroy the thing. The only point of a BIOS password is to make the laptop a pain for a thief to resell.

    • Ada@lemmy.blahaj.zone
      4·
      14 hours ago

      What am I missing? If someone steals your laptop they can just mountb the drive in their own hardware irrelevant of your bios.

      • sbeak@sopuli.xyzEnglish
        4·
        13 hours ago

        When the drive in encrypted, you need a (very very long) encryption key to read it. Otherwise, the data is obfuscated and can’t be read by bad actors. This encryption key is essentially impossible for (non-quantum) computers to crack as it would take too long

        • slazer2au@lemmy.worldEnglish
          6·
          11 hours ago

          Ironically it’s also the best way to make sure your data isn’t leaked when selling drives second hand.

          Full encrypt it, roll the key, and now you have a drive with no readable content for sale.

          When the next person come along they will likely ignore the password and do their own thing.

            • slazer2au@lemmy.worldEnglish
              2·
              7 hours ago

              For spinning rust drives, yes. But for SSD no. Because of how the SSD store data it isn’t guaranteed to be overwritten.