EFI & BIOS
Older PC systems use a BIOS – or Basic Input/Output System – to handle core functions before the computer has loaded an operating system. The BIOS is used to configure fundamental computer settings that affect how hardware interacts with the operating system. This architecture stores your settings on a small memory chip powered by a coin-cell battery. Core computer features can be configured through a user-navigable interface.
Modern computer systems use UEFI – or the Unified Extensible Firmware Interface – to manage these settings through a graphical interface. Some systems require enabling an advanced or administrator mode to access all firmware settings.
Numerous manufacturers use different BIOS and UEFI implementations for their computer systems. There is no definitive standard for BIOS or EFI systems, and that results in many different descriptive names for the same features. While we try to cover the common names, you may need to do some personal research.
Some OEM systems, such as business-grade workstation PCs, have simplified firmware with minimal configurable options. These computers should still operate as servers but may require additional configuration through the operating system to properly manage power and efficiency settings.
These are some common keyboard commands to enter the BIOS or UEFI menu by manufacturer:
Manufacturer | Key |
ASRock | F2 or Del |
Asus | F2 or Del |
Acer | F2 or Del |
Dell | F2 or F12 |
Gigabyte | F2 or Del |
HP | F10 |
Intel | F2 |
Lenovo | F1 |
MSI | Del |
Samsung | F2 |
Toshiba | F2 |
Disable Unused Hardware & Features
You can increase the overall security of a home server by disabling extraneous hardware as a proactive measure to reduce your attack surface. Some common hardware components to disable are:
Serial Port
This legacy protocol is used for old modems and printers.
Recommended: Disabled
Parallel Port
This legacy protocol is used for old printers, scanners and storage devices.
Recommended: Disabled
Audio Ports
Our server ideally will be running "headless" (without a display) and should not be used as a media player. This can include 3.5mm and optical audio ports.
Recommended: Disabled
Bluetooth
Bluetooth can be left on for connecting smart devices to Home Assistant, but the protocol can be insecure.
Recommended: Disabled
Thunderbolt
This technology can be enabled for daisy-chaining multiple displays and storage devices, but it has known vulnerabilities and should be disabled if not in use.
Recommended: Disabled
Wireless Internet
We will use a hardwired connection for our server and the wireless card should be disabled if not in use.
Recommended: Disabled
Trusted Platform Module
This technology is used predominantly for Windows 11 and ensures operating system files are not tampered with. Linux can use the module for encrypting hard drives, but it should be disabled otherwise.
Recommended: Disabled
Power-Saving Features
We are running an always-on server which means our power efficiency settings are important.
Turning off certain hardware when the computer is idle can increase its life expectancy, while turning off other hardware can decrease server stability.
Cool'n'Quiet or SpeedStep
Cool'n'Quiet (AMD) and SpeedStep (Intel) slow down the processor when idle to decrease overall power usage.
Recommended: Enabled
EIST
Enhanced Intel SpeedStep is an advanced mechanism for dynamically scaling the processor's speed and power consumption.
Recommended: Enabled
C-States
This feature allows the CPU to temporarily disable processor sections when they are not being used by the operating system.
Recommended: Enabled or Auto
C1E
This is an advanced power-saving state that temporarily decreases the processor speed when idle while allowing for rapid return to an active state.
Recommended: Enabled
ErP Mode and EuP Mode
This is a comprehensive power feature related to an EU directive that aims to decrease overall device power usage. While useful for a standard computer, the setting can fundamentally alter system performance by disabling or underclocking hardware.
Recommended: Disabled
Boot Settings
We can ensure that our server correctly boots into the operating system and restarts automatically in the event of a power failure.
Boot Priority
If your server has multiple storage disks, you need to ensure that the operating system disk has first boot priority. Ideally, you can disable booting from additional hard drives.
Keyboard and Mouse Halt
Our server will be remotely accessible and we do not always need input devices connected to it. Without this setting disabled, the server will fail to boot without a keyboard or mouse present.
Recommended: Disabled
Secure Boot
This feature is used to verify operating system files during boot to ensure that malicious software cannot start.
By default, the hardware is configured for Microsoft Windows and can be configured for use with Debian if desired. Otherwise, it should be disabled.
Recommended: Disabled
Fast Boot
This feature disables several important power-on hardware tests and has been known to interfere with some operating system features. This feature is not supported by Linux out of the box.
Recommended: Disabled
Restart After Failure
In the event that your server loses power unexpectedly, it can be configured to turn back on when power is restored.
Recommended: Enabled
Wake-on-LAN
Your server can be powered on through your Ethernet connection when it receives a "magic packet".
Recommended: Enabled
Power Schedule
Our server should remain on at all times and we do not want our server operating on a power cycling schedule.
Recommended: Disabled
Storage Interface
There are some settings related to the way hard drives and solid state disks communicate with the operating system.
SATA Mode
Advanced Host Controller Interface, or AHCI, enables the use of SSD drives through SATA ports. Additionally, it improves performance by enforcing hardware communication standards that can be employed by the operating system.
Recommended: AHCI
RAID
Redundant Array of Independent Disks, or RAID, enables your system to duplicate hard drive writes on-the-fly. This creates a fully functional backup in real-time in the event of a system failure.
This architecture needs to be set up before installing an operating system.
Recommended: Disabled
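A way to confirm from the installed Linux system that the firmware settings above took effect, as an added example that is not part of the original guide: it checks the standard sysfs locations where the kernel registers Bluetooth, wireless, Thunderbolt, audio and TPM devices, reads the UEFI SecureBoot variable, and looks for a controller bound to the ahci driver. The function names and the ROOT argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original page). ROOT is an assumed parameter:
# empty means the live system, any other value is a constructed test tree.

# present DIR PATTERN: succeed if DIR holds at least one entry matching PATTERN.
present() {
    for entry in "$1"/$2; do
        [ -e "$entry" ] && return 0
    done
    return 1
}

# secure_boot_state ROOT: print enabled, disabled or legacy-bios.
secure_boot_state() {
    [ -d "$1/sys/firmware/efi" ] || { echo legacy-bios; return 0; }
    var="$1/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    # efivarfs layout: 4 attribute bytes, then the data (1 = enforcement on).
    value=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    if [ "$value" = "1" ]; then echo enabled; else echo disabled; fi
}

# audit_firmware [ROOT]: one line per check; returns 1 on any deviation from this page.
audit_firmware() {
    root="${1:-}"; rc=0
    while read -r name dir pattern; do
        if present "$root$dir" "$pattern"; then
            echo "$name: present (page recommends Disabled)"; rc=1
        else
            # Also reported when the device exists but its driver is not loaded.
            echo "$name: absent"
        fi
    done <<EOF
bluetooth /sys/class/bluetooth hci*
wireless /sys/class/ieee80211 phy*
thunderbolt /sys/bus/thunderbolt/devices *
audio /sys/class/sound card*
tpm /sys/class/tpm tpm*
EOF
    sb=$(secure_boot_state "$root")
    echo "secure-boot: $sb"
    [ "$sb" = "enabled" ] && rc=1
    if present "$root/sys/bus/pci/drivers/ahci" "0000:*"; then
        echo "sata-mode: ahci"
    else
        echo "sata-mode: no AHCI controller bound (page recommends AHCI)"; rc=1
    fi
    return "$rc"
}
```

Source the file on the server and run `audit_firmware` with no argument; a non-zero exit status means at least one line deviates from the recommendations above.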