UEFI Firmware Security

  • Set a Supervisor Password. A supervisor password will prevent unauthorized access to the UEFI firmware setup and configuration user interface. This ensures that only authorized users can modify any settings configured after the installation. Users will have three attempts at keying the correct password. After three failed attempts to enter the supervisor password, entry to the UEFI setup will become locked.

If the supervisor password is forgotten or lost, it cannot be recovered or cleared. If further UEFI setup changes need to be made, the device must be repaired by a qualified Oracle repair facility.

See the Configuring System Security Settings sections of the Oracle MICROS Workstation 8 Series Setup Guide for information on enabling this setting.

  • Enable secure boot. Secure boot is an effective defense against low-level malware that attacks the boot code used to start the operating system. Malware at this level can remain completely undetected by some security software installed at the operating system level, and cannot be easily removed. All models of the Workstation 8 Series utilize UEFI 2.3.1 Errata C compliant firmware and include support for the secure boot feature.

See the Configuring System Security Settings sections of the Oracle MICROS Workstation 8 Series Setup Guide for information on enabling this setting.

A firmware supervisor password is required to enable secure boot. If enabling a supervisor password is undesired, set the password temporarily to enable secure boot. Once secure boot has been enabled, the password can be cleared (not recommended) as long as the current password is known.

  • Set an HDD Password. A hard drive password will prevent unauthorized access to a bootable hard drive. This ensures that only authorized users can boot the password-protected drive after the installation. Users will have three attempts at keying the correct password. After three failed attempts to enter the HDD password, the HDD will become permanently locked.

If the HDD password is forgotten or lost, it cannot be recovered or cleared. If further UEFI setup changes need to be made, the device must be repaired by a qualified Oracle repair facility.

See the Configuring System Security Settings section of the Oracle MICROS Workstation 8 Series Setup Guide for information on enabling this setting.

  • Disable unused USB Ports. Disabling the USB ports on the device can be an effective defense against attempts to install malware or hardware components used to gain access to the device. When USB ports are disabled through UEFI firmware on the Workstation 8 Series workstations, the respective port will not supply power to attached USB peripherals.

See the Other Advanced BIOS Configurations section of the Oracle MICROS Workstation 8 Series Setup Guide for information on enabling these settings.
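
After secure boot has been enabled in UEFI setup, the result can be confirmed from the running operating system. The following is an added example, not part of the Oracle documentation: it assumes the workstation runs Linux with efivarfs mounted at /sys/firmware/efi/efivars, and the function names and state labels are illustrative.

```python
import os
import struct

# EFI global variable namespace GUID defined by the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
DEFAULT_EFIVARS = "/sys/firmware/efi/efivars"  # assumed efivarfs mount point


def read_efi_u8(name, efivars_dir=DEFAULT_EFIVARS):
    """Return a one-byte EFI global variable as an int, or None if absent.

    efivarfs prefixes the payload with a 4-byte little-endian attribute word,
    so a one-byte variable is exactly 5 bytes on disk.
    """
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except FileNotFoundError:
        return None
    if len(raw) != 5:
        raise ValueError(f"{name}: expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    return value


def secure_boot_state(efivars_dir=DEFAULT_EFIVARS):
    """Classify the platform as one of:
    'not-uefi', 'no-variable', 'setup-mode', 'disabled', 'enforcing'."""
    if not os.path.isdir(efivars_dir):
        return "not-uefi"        # legacy boot, or efivarfs not available
    secure_boot = read_efi_u8("SecureBoot", efivars_dir)
    setup_mode = read_efi_u8("SetupMode", efivars_dir)
    if secure_boot is None:
        return "no-variable"     # firmware does not expose SecureBoot
    if setup_mode == 1:
        return "setup-mode"      # no Platform Key enrolled, nothing is enforced
    if secure_boot != 1:
        return "disabled"
    return "enforcing"


if __name__ == "__main__":
    import sys
    state = secure_boot_state()
    print(f"secure boot: {state}")
    # Non-zero exit lets a fleet audit job flag any unit that is not enforcing.
    sys.exit(0 if state == "enforcing" else 1)
```

On a Windows image, the Confirm-SecureBootUEFI PowerShell cmdlet reports whether secure boot is enabled.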