There are a number of hardware layer security factors that can be conﬁgured within the system BIOS.
Security Factor and Description
Drive lock: A drive lock is a password setting used to protect the computer’s hard drive. The drive lock password is set in the BIOS and requires a password on startup. This password will protect the system’s hard drive from unauthorized access.
Intrusion detection: As it relates to the BIOS, intrusion detection refers to the BIOS detecting when the computer case has been opened. In some implementations, an alarm may sound when the case is opened.
TPM: The Trusted Platform Module (TPM) is a speciﬁcation that includes the use of cryptoprocessors to create a secure computing environment. A TPM can generate cryptographic keys securely. A TPM can be used to authenticate hardware, for disk encryption, for digital rights management, or any other encryption-enabled application. TPM can be used as a BIOS security method by using full disk encryption such as BitLocker to secure the system’s operating system volume.