Large environments require BIOS updates more than the average user, and may require some type of update across hundreds of servers (or more) if a bulk purchase was made. These need to have the ability to be scripted. A solution sacrificing both convenience and security would be to require a BIOS password to be set on first boot. This could be scripted so that when a server comes into a corporation, it gets a BIOS password, and then this password is required to write any BIOS (or even firmware-level) update to the system.
Then the issues are losing the password - which could then employ a jumper to reset - and the encryption level of the BIOS password, which would be interesting after a few years.