Bios password and tpm..

I have a S7110 laptop with a tpm and with pre boot bios password and i wonder if its possible to clear the bios password by removing the cmos battery or using the jumpers and boot directly to the os ? or when i do that the tpm also will be cleared ? there is also a master password so i wonder whats is the point of using the tpm if its so easily accessible ?

if anyone will use master password or clear the bios password and the data on the tpm will remain anyone will have access to all my data and will able easily boot to the os so whats the point of having tpm then ?

 

Firmware 'integrity', but it won't help protect your data. And a simple cmos reset won't clear the bios pw, but that too isn't that hard to do. Mind that we can't discuss the nitty-gritty of those methods on this forum, per The Rules, but suffice to say; don't rely on either 'security' method to protect your data.

Disk encryption is what you should look at, anything else is just a waste of time. And that's mostly the user's, considering the number of times you're typing useless passwords ... but maybe a little less if you're using a firmware-programmable mouse .

 

im using bitlocker the entire drive is encrypted with tpm and of top of that bios boot password. i'm not locked out. I'm just trying to understand how secure the laptop will be if anyone stole it.Because if the bios password will be bypassed somehow the tpm will tell the encryption keys to the os and os will boot without a problem, so is it secure ? Or should i avoid the tpm instead ?

The real question is if someone gonna reset the bios to defaults by removing the cmos battery or entering the master password or some other way is tpm chip will be reseted to ? Or it still gonna hold the encryption keys ? If yes and the bios will no longer have any password then tpm will simply let the os to bootup without any problems. Or im wrong here ?

 

@Markokk888 AFAIK Bitlocker can be bypassed if your laptop is stolen while on/sleeping, otherwise you're pretty safe; hacking TPM is not realistic unless your TPM model was compromised (e.g. Infineon) and firmware wasn't updated.

 

Well my tpm version is 1.2 is it safe ? Its older model.
Also i wonder how to correctly update the tpm chip software is it in firmware or in driver level ?

 

@Markokk888 there definitely are no TPM updates for your machine on Fujitsu website, so you're probably safe on the TPM side. Check TPM's hardware ID and google it, to be sure.

p.s. your machine is vulnerable to Spectre attacks anyway and won't receive mitigations due to CPU being too old, it is not by any means secure in the long run, get a newer machine from a reputable business line if you care about security.

 

That laptop is just for playing with older hardware it's just for fun, nothing serious. There is no known active spectre attacks in the wild so i don't worry too much. I also have a desktop machine from 2016 its only 2 years old and the manufacturer is too lazy to integrate a microcode and release a new bios update.. if i worry to much about things i can't change i just gonna go crazy.. so whatever.

Anyway thanks you all for the support and information i really appreciate it.

 

@Markokk888 I have the same situation with my Windows tablet - but it's even newer, the model was released in November. Only use it as wireless second monitor and for reading in direct sunlight (the screen is exceptionally bright, yet it lasts longer on max brightness than my convertible laptop) - and that's all, no other tasks until its BIOS is patched - if ever.

 

Use it in full power and don't worry that much there is no known active spectre attacks or you can simply request a refund because of this. all this meltdown and spectre nonsense is just ridiculous and get's on everyone's nerves.
Because all of this it makes no differences to use newer or older hardware what can you do in a times like this is to wait or get a hardware that is already patched or patch are available. And if so its still not clear how many variants of this vulnerability will pop up in a future and if the hardware will ever get a new patch in a coming years. So fearing and waiting for some kinda invisible ghost to catch you is not practical if it ever happens anyways even on older hardware.. the future of all this is not clear so i'm against buying something new in a time like this.

 

@Markokk888 sadly can't take the risks. My main laptop gets BIOS updates to mitigate arising security vulnerabilites all the time, in comparison.