Score:0

Why does my Dell server BIOS asks for the BIOS password during a regular reboot?

sa flag

I have a Dell PowerEdge T350 server. I enabled TPM and Secure Boot as well. For these I needed to specify a BIOS password (which I would have done anyway). What startles me is that the server keeps asking for a BIOS password at every freakin boot, even when I don't want to enter the BIOS (most of the time I don't want). I expect to be prompted for a BIOS password only asked for when I want to actually enter the BIOS. Not every time.

I don't see right away which BIOS settings control that and I tried various search phrases but I only get to articles which tell me how to set a password in the BIOS. The server itself is pretty "standard": one OS (Windows Server 2022), UEFI BIOS, I haven't changed much in the BIOS besides TMP and Secure Boot, apart from also enabling SGX under the TPM.

Related Dell community forum entry

enter image description here enter image description here enter image description here enter image description here enter image description here

Jaromanda X avatar
ru flag
what are the available options for secure boot policy and secure boot mode
Csaba Toth avatar
sa flag
@JaromandaX Secure Boot Policy: Standard / Custom. When I switch to custom via iDRAC nothing extra happens on the web GUI (since I'm not physically sitting at the console I don't see the BIOS's help or how it reacts). Secure Boot Mode: User Mode / Audit Mode / Deployed Mode
Score:1
sa flag

I'm almost sure that it's gonna be what @DELL-Joey C pointed out in the dell forums: I'm almost certain that I set the system BIOS password, whereas what I want is to set the BIOS setup password - that would be the one which is only prompted if I'd want to enter the BIOS. The system password is prompted all the time.

Now I just have to figure out how to clear the system BIOS password through the iDRAC web GUI. I clear the SHA and the slat fields but they keep popping back after I Apply my changes.


Update: I was not able to clear the system password via iDRAC web. However sitting at the console physically we were able to set the setup password and then clear the system password (without turning of Secure Boot or TPM). Problem solved.

Csaba Toth avatar
sa flag
This may not be possible to clear via the iDRAC web. Another thing to figure out: is it even possible to not have a system password when the Secure Boot is turned on. If I recall correctly when I turned Secure Boot on I was forced to specify a password.
Csaba Toth avatar
sa flag
I highlighted the most important keywords (type of passwords)
Score:0
sm flag

The BIOS password is in fact is a BIOS POST password, the password is stored directly on the BIOS chip. Since it relies on POST and also controls the system initialization, it will asks for password everytime the POST procedure happens. If you want to continue to use this password, you need to input it in order to boot your system.

https://wiki.archlinux.org/title/security#Locking_down_BIOS

https://www.techtarget.com/searchenterprisedesktop/definition/BIOS-password

Csaba Toth avatar
sa flag
This is generic and not applicable to my case
Arrow Root avatar
sm flag
It is exaclty your case, you are using a BIOS password, not a BIOS setup password. If you want to continue to use it, you'll be prompted to input password each time the system boots.
Csaba Toth avatar
sa flag
Both the system and the setup passwords are BIOS passwords. You didn't mention system or setup passwords, just quoted some generic stuff I also found with my searches, it didn't help
Arrow Root avatar
sm flag
Do you understand the password you set is stored in a place that relies on the POST proccess? Do you understand that since your password relies on POST, everytime you reboot your system it will ask for the password you set?
Csaba Toth avatar
sa flag
Have you actually read the solution? I think you are in a write-only mode. Please take just 30 seconds to read the marked answer. With that solution the system is now booting without asking for a password (surprise), and only asks for it if I'd want to actually enter the BIOS. The BIOS does not always have to ask for a password, it depends on the BIOS type and which password you set exactly.
Csaba Toth avatar
sa flag
I highlighted the keywords which led me to the answer.
Arrow Root avatar
sm flag
I didn't figured out that answer is a solution, because it isn't marked as one so I just didn't read. My bad. I'm happy you was able to solve it.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.