Just wanted to add that your BIOS password can be circumvented by taking out the CMOS battery. That will clear all your settings and allow unrestricted access. A BIOS password should absolutely never be used as a form of security, it is trivial to bypass.
I also want to add that the TPM will request the recovery key if the BIOS goes back to factory defaults. I also think changing the secure boot setting might trigger it. If that’s the case then a BIOS password is pretty useless.
I believe that the TPM will refuse to provide keys after secure boot is disabled, but I didn’t intend to imply that it could be used to bypass TPM decryption or anything. Just as an aside that BIOS passwords are effectively useless at preventing access to the BIOS.
Just wanted to add that your BIOS password can be circumvented by taking out the CMOS battery. That will clear all your settings and allow unrestricted access. A BIOS password should absolutely never be used as a form of security, it is trivial to bypass.
I also want to add that the TPM will request the recovery key if the BIOS goes back to factory defaults. I also think changing the secure boot setting might trigger it. If that’s the case then a BIOS password is pretty useless.
I believe that the TPM will refuse to provide keys after secure boot is disabled, but I didn’t intend to imply that it could be used to bypass TPM decryption or anything. Just as an aside that BIOS passwords are effectively useless at preventing access to the BIOS.