AMI BIOS -- need to set BIOS password from Linux

BIOS/UEFI Modding BIOS Modding Guides and Problems
1

Hi all,
I’ve got a need to password protect the BIOS on a large number of Linux machines, remotely.
Ideally I’d also have a way to disable booting from anything but SATA / NVME, but that’s just a bonus :slight_smile:

I found a copy of the AMISCE utility (both the EFI and Linux versions), and while they seem to work doing stuff like changing USB support etc, I am unable to set a password using the /cpwd /apwd etc flags.

I don’t recall the exact message, but it’s something along the lines of “Bios doesn’t support this”.

Any ideas?

My goal is to prevent a casual user from getting a USB boot drive, rebooting the PC, and then using that bootable drive to install malware.

I’m not completely opposed to using one of the flashing utilities to flash the BIOS with these settings baked in, if that makes things easier.

Really appreciate any pointers!

An example of one of the motherboards I’m dealing with is the Gigabyte H370M D3H GSM-CF

2

Have you checked to see if the system is set up to require a password when entering bios currently because it may not allow changing the password if it isn’t configured to use one.

Doing some reading in the amisce manual the password stuff does sound like it maybe isn’t the most robust. I also noticed this note.

“Note: The BIOS must be configured to allow clearing and creating passwords. This feature is
only allowed in the EFI version of the tool”