Intel® Server Board SE7520JR2

System BIOS

4.6 OEM Binary

System customers can supply 16 KB of code and data for use during POST and at run-time. Individual platforms may support a larger user binary. User binary code is executed at several defined hook points during POST.

The user binary code is stored in the system flash. If no run-time code is added, the BIOS temporarily allocates a code. If run-time code is present, the BIOS shadows the entire block as though it were an option ROM. The BIOS leaves this region writeable to allow the user binary to update any data structures it defines. System software can locate a run-time user binary by searching for it like an option ROM. The system vendor can place a signature within the user binary to distinguish it from other option ROMs. Refer to the SE7520JR2 BIOS EPS for further details.
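The option-ROM-style search described above, sketched for offline analysis of a memory dump; this is an added example, not code from Intel or from the SE7520JR2 BIOS EPS. It assumes the conventional legacy option ROM layout (55h AAh header on a 2 KB boundary, length in 512-byte blocks at offset 2, image bytes summing to zero), a dump of the ROM window obtained by other means, and a hypothetical vendor signature `$OEMUB$`.

```python
# Added example: find a run-time user binary in a dump of the option ROM window.
ROM_MAGIC = b"\x55\xaa"   # legacy option ROM header signature
SCAN_STEP = 2048          # headers sit on 2 KB boundaries
BLOCK = 512               # header byte 2 = image length in 512-byte blocks
VENDOR_SIG = b"$OEMUB$"   # hypothetical vendor signature (assumption, not from the EPS)


def scan_option_roms(dump):
    """Yield (offset, length, checksum_ok) for each option ROM image in dump."""
    off = 0
    while off + 3 <= len(dump):
        length = dump[off + 2] * BLOCK
        if dump[off:off + 2] != ROM_MAGIC or length == 0 or off + length > len(dump):
            off += SCAN_STEP
            continue
        # A well-formed image sums to zero modulo 256.
        yield off, length, sum(dump[off:off + length]) % 256 == 0
        # Resume at the next 2 KB boundary past this image.
        off += -(-length // SCAN_STEP) * SCAN_STEP


def find_user_binary(dump, signature=VENDOR_SIG):
    """Return (offset, length, checksum_ok) of the first ROM holding signature, else None."""
    for off, length, ok in scan_option_roms(dump):
        if signature in dump[off:off + length]:
            return off, length, ok
    return None


def build_rom(blocks, payload):
    """Constructed sample data: an option ROM image with a valid checksum."""
    body = bytearray(ROM_MAGIC + bytes([blocks]) + payload)
    body += bytes(blocks * BLOCK - len(body))
    body[-1] = (-sum(body)) % 256
    return bytes(body)


def sample_dump():
    """Constructed 16 KB window: an unrelated ROM at 0, the user binary at 0x1000."""
    dump = bytearray(16 * 1024)
    dump[0:1024] = build_rom(2, b"other option ROM")
    dump[0x1000:0x1800] = build_rom(4, b"\x00" * 29 + VENDOR_SIG)
    return bytes(dump)


if __name__ == "__main__":
    for rom in scan_option_roms(sample_dump()):
        print("ROM at 0x%05x, %d bytes, checksum ok: %s" % rom)
    print("user binary:", find_user_binary(sample_dump()))
```

Because the BIOS leaves the shadowed user binary writeable, a failed checksum on a run-time dump shows only that bytes differ from a zero-sum image. Comparing the dump against the vendor's reference image is what separates a legitimate data update from an unexpected modification.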

4.7 Security

The BIOS provides a number of security features. This section describes the security features and operating model.

The BIOS uses passwords to prevent unauthorized tampering with the system. Once secure mode is entered, access to the system is allowed only after the correct password(s) have been entered. Both user and administrator passwords are supported by the BIOS. To set a user password, an administrator password must be entered during system configuration using the BIOS setup menu. The maximum length of the password is seven characters. The password may contain only alphanumeric characters (a-z, A-Z, 0-9).

Once set, a password can be cleared by entering the password change mode and pressing Enter twice without inputting a string. All setup fields can be modified once the administrator password has been entered. The “user access level” setting in the BIOS setup Security menu controls the user access level. The administrator can choose “No Access” to block the user from accessing any setup features. “Limited Access” allows only the date/time fields and the user password to be changed. “View Only” allows the user to enter BIOS setup, but not change any settings.

The administrator has control over all fields in the setup, including the ability to clear the user password.

If the user enters three wrong passwords in a row during the boot sequence, the system will be placed into a halt state. This feature makes it difficult to break the password by “trial and error.”

The BIOS Setup may provide an option for setting the EMP password. However, the EMP password is only utilized by the mBMC; this password does not affect the BIOS security in any way, nor does the BIOS security engine provide any validation services for this password. EMP security is handled primarily through the mBMC and EMP utilities.

Revision 1.0


C78844-002