Skip to main content

Firmware Configuration

While setting up your computer to run as an always-on server without a display, there are some firmware-level configuration settings we should verify. 

Traditional computers use an EFI or BIOS firmware architecture that stores your settings on a small memory chip powered by a coin-cell battery.  Through a user navigable interface, core computer features can be configured. 

There is no definitive standard for BIOS or EDI systems and that results in many different descriptive names for the same features.  While we try to cover the common names, you may need to do some personal research.  

Some OEM systems, such as business-grade workstation PCs, have simplified firmware with minimal configurable options.  This computer should still operate as a server but may require additional configuration through the operating system to properly manage power and efficiency settings.

 

This process is different for single-board computers like the Raspberry Pi 

Raspberry Pi & Single-Board Computers

 

Some settings to watch out for in your BIOS before installing Debian that

EFI & BIOS

Older PC systems use a BIOS – or Basic Input/Output System – to handle core functions before the computer has loaded an operating system.  The BIOS is used to configure fundamental computer settings that affects how hardware interacts with the operating system. 

Modern computer systems use UEFI – or the Unified Extensible Firmware Interface – to manage these settings through a graphic interface.

There are numerous manufacturers who use different BIOS and UEFI for their computer systems.  While not possible to give specific recommendations for computer systems, here are some general computer configurations to watch out for.

Disable Unused Hardware 

You can increase the overall security of a home server by disabling extraneous hardware as a proactive measure to decrease your cyber attack surface area.

Some common hardware components to disable are:

  • Serial and Parallel Ports
  • Audio Ports
  • Bluetooth
  • Wireless Internet

Bluetooth can be left on for connecting smart devices, but can be insecure.  Wireless can be left on to create a local network, but should not be used as the main connection for a server.

Power-Saving Features   

    Enable all powersaving features on the CPU.
   

Boot Priority
    Disable booting from all HDDs or Controllers (except for the drives I'm actually booting off of).

Power management

Wake on Lan

Keyboard mouse halt

Secure Boot

TPM module

Fast boot 

Restart after failure

Network boot

AHCI vs SATA vs RAID

Back to top