EFI & BIOS
Older PC systems use a BIOS – or Basic Input/Output System – to handle core functions before the computer has loaded an operating system. The BIOS is used to configure fundamental computer settings that affect how hardware interacts with the operating system. This architecture stores your settings on a small memory chip powered by a coin-cell battery. Through a user-navigable interface, core computer features can be configured.
Modern computer systems use UEFI – or the Unified Extensible Firmware Interface – to manage these settings through a graphical interface. Some systems require enabling an advanced or administrator mode to access all firmware settings.
There are numerous manufacturers who use different BIOS and UEFI for their computer systems. There is no definitive standard for BIOS or EFI systems and that results in many different descriptive names for the same features. While we try to cover the common names, you may need to do some personal research.
Some OEM systems, such as business-grade workstation PCs, have simplified firmware with minimal configurable options. These computers should still operate as servers but may require additional configuration through the operating system to properly manage power and efficiency settings.
Disable Unused Hardware & Features
You can increase the overall security of a home server by disabling extraneous hardware as a proactive measure to reduce your attack surface. Some common hardware components to disable are:
Serial Port: Disabled
This legacy protocol is used for old modems and printers.
Parallel Port: Disabled
This legacy protocol is used for old printers, scanners and storage devices.
Audio Ports: Disabled
Our server ideally will be running "headless" (without a display) and should not be used as a media player. This can include 3.5mm and optical audio ports.
Bluetooth: Disabled
Bluetooth can be left on for connecting smart devices to Home Assistant, but the protocol can be insecure.
Thunderbolt: Disabled
Wireless Internet: Disabled
We will use a hardwired connection for our server and the wireless card should be disabled if not in use.
Trust Protection Module
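The firmware switches above can be cross-checked from the operating system once the server is running. The script below is an added example, not part of the original page: it assumes a Linux host and looks in sysfs for Bluetooth, Wi-Fi, Thunderbolt and audio devices that the kernel can still see. The names SYSROOT, CHECKS, visible and visible_items are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a Linux host with sysfs.
# SYSROOT is a hypothetical override so the checks can be pointed at a
# constructed directory tree; leave it unset on a real machine.

# name|glob: the glob only matches while the kernel still sees such a device.
CHECKS='bluetooth|/sys/class/bluetooth/hci*
wifi|/sys/class/ieee80211/phy*
thunderbolt|/sys/bus/thunderbolt/devices/*
audio|/sys/class/sound/card*'

# visible GLOB: succeeds if any path under SYSROOT matches the glob.
visible() {
    for p in "${SYSROOT:-}"$1; do   # $1 is left unquoted so the glob expands
        [ -e "$p" ] && return 0
    done
    return 1
}

# visible_items: prints, one per line, each checked item the OS can still see.
visible_items() {
    while IFS='|' read -r name glob; do
        if visible "$glob"; then
            echo "$name"
        fi
    done <<EOF
$CHECKS
EOF
}

# Report for the machine the script runs on.
remaining=$(visible_items)
if [ -n "$remaining" ]; then
    echo "Still visible to the operating system:"
    echo "$remaining" | sed 's/^/  - /'
else
    echo "None of the checked devices are visible."
fi
```

An item that is still listed after it was disabled in firmware may be a separate add-in or USB device rather than the onboard one.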
Power-Saving Features
We are running an always-on server which means our power efficiency settings are important.
Turning off certain hardware when the computer is idle can increase its life expectancy, while turning off other hardware can decrease server stability.
Cool'n'Quiet or SpeedStep: Enable
Cool'n'Quiet (AMD) and SpeedStep (Intel) slow down the processor when idle to decrease overall power usage.
EIST: Enable
Enhanced Intel SpeedStep is an advanced mechanism for dynamically scaling the processor's speed and power consumption.
C-States: Enable, Auto or (C1, C3 & C6)
This feature allows the CPU to temporarily disable processor sections when they are not being used by the operating system.
C1E: Enabled
This is an advanced power-saving state that temporarily decreases the processor speed when idle while allowing for rapid return to an active state.
ErP Mode and EuP Mode: Disable
This is a comprehensive power feature related to an EU directive that aims to decrease overall device power usage. While useful for a standard computer, the setting can fundamentally alter system performance by disabling or underclocking hardware.
Boot Settings
We can ensure that our server correctly boots into the operating system and restarts automatically in the event of a power failure.
Boot Priority
Only allow the system hard drive and USB, with USB after the hard drive.
Keyboard and Mouse Halt: Disabled
Disable keyboard and mouse halt.
Secure Boot: Disabled
Disable secure boot.
Fast Boot: Enabled
Enable fast boot.
Restart After Failure: Enabled
Turn on the computer after failure.
Wake-on-LAN: Enabled
Enable Wake-on-LAN so the server can be turned on remotely.
Power Schedule: Disabled
Disable the computer turning on and off at specific times.
Storage Interface
There are some settings related to the way hard drives and solid state disks communicate with the operating system.
AHCI
Use AHCI if it is available instead of SATA.
RAID
RAID can be used to duplicate hard drives on the fly so that you always have a fully functional backup. This needs to be set up before installing an operating system.