USB Boot Password

Just got my framework earlier today and loving it so far. Before I used this device, I used a thinkpad and had it configured to have a bios password. When the bios password was set, it would also require the bios password to boot to a USB device with the one time boot override key. The framework does not work this way. Would it be possible to implement this in a future firmware update? I think it would be fantastic for security as it prevents people from simply inserting a USB stick to take your files. For now I can simply disable USB boots when I’m not installing an OS, it just seems like a convenient option.

Tangentially related, how do I download firmware updates? I haven’t been able to find it on the Framework website.

1 Like

We currently have a beta release 3.03 available for testing: Public Beta Test: BIOS v3.03 + Driver Bundle 2021_08_31

@A_Moose I don’t disagree about the convenience, but there’s a better way to protect your files: encrypt your drive. That way, nobody can access your files by removing the SSD. Bitlocker for Windows, LUKS for Linux, just to name a couple examples. The performance cost is extremely small, and some SSDs have hardware-based encryption.

1 Like

@Jacob_Padgett I’m actually looking into that right now after noticing windows 11 automatically encrypts the system partition with Bitlocker! I generally run a dual boot system so I’m currently looking for ways to get LUKS and Bitlocker to play nice with each other, ideally with both automatically decrypting at boot time. It’s a bit outside of the purpose of this thread, but I may make a new thread if I have any valuable information to add on the subject.

1 Like

I also find that the one-timt boot override menu should be covered by the BIOS admin password. All other devices I have owned implemented it this way.
Even if my drive is fully encrypted, I still would like to prevent others booting software from external drives without knowledge of the password…