What is BIOS Lock?
Quick note explaining BIOS Lock for BIOS/UEFI and embedded firmware readers.
BIOS Lock is a UEFI firmware security concept related to boot trust, variable protection, measurement, or firmware update policy.
Why it matters
- Explains firmware trust and protection mechanisms.
- Helps debug Secure Boot, measured boot, and variable-protection behavior.
- Useful when reviewing boot security policy.
Practical example
Example: Secure Boot decides whether an image is allowed to run; Measured Boot records what actually ran.
Quick checklist
Quick takeaway
BIOS Lock is a small concept, but it often becomes important when reading logs or debugging real firmware.
How I usually read it
I try not to treat BIOS Lock as a dictionary entry. I read it as part of a firmware path: who produces it, who consumes it, and what symptom appears when it is wrong. That habit makes the note useful during debugging, not only during study.
Where it shows up
For security and SMM topics, I read BIOS Lock as a trust-boundary question. Who can call this path? Where does the buffer come from? When is the policy locked? What happens if the input is controlled by an attacker?
In a real debugging session
For BIOS Lock, the important question is not only what it protects, but when it is locked, who can change it, and where the current state can be verified. Firmware security often fails because the policy is correct on paper but applied at the wrong time.
While reading source code, pay attention to phase transitions, NVRAM variables, SMM policy, flash descriptor settings, and image authentication paths. Security bugs often hide behind ordinary control flow.
Related notes
- What is TPM PCR?
- What is SMM Lock?
- What is Secure Boot Keys?
- What is Measured Boot?
- What is Authenticated Variable?
Public references
Found this useful?
Save it or share it with someone learning firmware, BIOS/UEFI, and embedded systems.
Biến note thành bài viết hoàn chỉnh
Notes là nơi ghi nhanh khái niệm.