Firmware Configuration
While setting up your computer to run as an always-on server without a display, there are some firmware-level configuration settings we should verify. This process is different for single-board computers like the Raspberry Pi and traditional desktop computers.
Raspberry Pi & Single-Board Computers
- Performance options
- Interface options
- System options
- Advanced options
EFI & BIOS
Older PC systems use a BIOS – or Basic Input/Output System – to handle core functions before the computer has loaded an operating system. The BIOS is used to configure fundamental computer settings that affect how hardware interacts with the operating system. This architecture stores your settings on a small memory chip powered by a coin-cell battery. Through a user-navigable interface, core computer features can be configured.
Modern computer systems use UEFI – or the Unified Extensible Firmware Interface – to manage these settings through a graphical interface.
Numerous manufacturers use different BIOS and UEFI implementations for their computer systems. While it is not possible to give specific recommendations for every computer system, here are some general configuration settings to watch out for.
Traditional computers use an EFI or BIOS firmware architecture that stores your settings on a small memory chip powered by a coin-cell battery. Through a user-navigable interface, core computer features can be configured.
There is no definitive standard for BIOS or EFI systems and that results in many different descriptive names for the same features. While we try to cover the common names, you may need to do some personal research.
Some OEM systems, such as business-grade workstation PCs, have simplified firmware with minimal configurable options. Such a computer should still operate as a server but may require additional configuration through the operating system to properly manage power and efficiency settings.
Disable Unused Hardware & Features
You can increase the overall security of a home server by disabling extraneous hardware as a proactive measure to reduce your attack surface.
Some common hardware components to disable are:
- Serial and Parallel Ports
- Audio Ports
- Bluetooth
- Wireless Internet
- Trusted Platform Module (TPM)
Bluetooth can be left on for connecting smart devices, but can be insecure. Wireless can be left on to create a local network, but should not be used as the main connection for a server.
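After changing these firmware settings, you can confirm from the operating system that the hardware is really gone. The script below is an added example, not part of the original guide; it assumes a Linux system with sysfs mounted at /sys, the function names are hypothetical, and parallel ports are not covered.

```shell
#!/bin/sh
# Added example: list which hardware classes from the section above the
# running Linux kernel still exposes through sysfs.

# first_match LABEL PATH...: print LABEL once if any of the paths exists.
# Unmatched globs stay literal, so the -e test simply fails for them.
first_match() {
    label="$1"; shift
    for p in "$@"; do
        if [ -e "$p" ]; then echo "$label"; return 0; fi
    done
    return 0
}

# audit_hw [SYSFS_ROOT]: SYSFS_ROOT defaults to /sys. The parameter is an
# assumption of this example so the check can be run against a test tree.
audit_hw() {
    sys="${1:-/sys}"

    first_match bluetooth "$sys"/class/bluetooth/hci*
    first_match wifi      "$sys"/class/net/*/wireless "$sys"/class/net/*/phy80211
    first_match audio     "$sys"/class/sound/card*
    first_match tpm       "$sys"/class/tpm/tpm*

    # ttyS0-3 are often registered even when no UART exists; treat a port
    # as real only if its "type" attribute is non-zero (0 = unknown port).
    for t in "$sys"/class/tty/ttyS*/type; do
        if [ -r "$t" ] && [ "$(cat "$t")" != "0" ]; then
            echo serial
            break
        fi
    done
    return 0
}

# Audit the live system (or the tree given as the first argument).
audit_hw "$@"
```

An empty result means none of these classes is visible to the kernel; any printed name is a component that the firmware setting did not remove or that still needs to be disabled.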
Power-Saving Features
Enable all power-saving features on the CPU.
Boot Priority Settings
Disable booting from all HDDs or controllers except the drives you are actually booting from. Keyboard/mouse halt, Secure Boot, fast boot.
Power Management
- Wake on LAN
- Disable schedules
- Power efficiency
- Keyboard/mouse halt
- Secure Boot
- TPM module
- Fast boot
- Restart after failure
- Network boot
Storage Interface
AHCI vs SATA vs RAID.