Compaq EN Series Personal Computer User Manual


 
Chapter 4 System Support
Compaq Deskpro EN Series of Personal Computers
Desktop and Minitower Form Factors
Third Edition - September 1998
4-52
4.8.1 FLASH ROM WRITE PROTECT
The system BIOS firmware is contained in a flash ROM device that can be re-written with
updated code if necessary. The ROM is write-protected with a Black Box* security feature. The
Black Box feature uses the Administrator password to protect against unauthorized writes to the
flash ROM. During the boot sequence, the BIOS checks for the presence of the ROMPAQ
diskette. If ROMPAQ is detected and the password is locked into the Black Box with the Protect
Resources command, an Access Resources command followed by Administrator password entry
must occur before the ROM can be flashed. If the Permanently Lock Resources command has
been invoked, the power must be cycled before the ROM can be flashed. The system ROM is
write-protected as follows:
Start Addr. End Addr.
Data Type Protection
C0000h EFFFFh Option ROM Password write-protected
F0000h F7FFFh System BIOS Password write-protected
F8000h F9FFFh ESCD Never write-protected
FA000h FFFFFh Boot Block Always write-protected
The flashing functions are handled using the INT15 AX-E822h BIOS interface.
4.8.2 PASSWORD PROTECTION
When enabled, the user is prompted to enter the power-on password during POST. If an
incorrect entry is made, the system halts and does not boot. The Power-On password is stored in
eight bytes at configuration memory locations 37h-3Fh. These locations are physically located
within the 87307. At the time a new password is written into 37h-3Fh, the password is also
written into Black Box* logic contained within the System Security ASIC. The Black Box logic
is used for power-on password protection support instead of the port 92 sequence used on other
systems. The Black Box logic prevents inadvertent or unauthorized access to the password bytes
of the 87307 by monitoring I/O ports 70/71h for access to the 37h-3Fh CMOS range and
inhibiting the AEN signal to the 87307 if such access is detected. Slot 1 of the Black Box logic
can be written to at runtime, allowing the user to change the power on password without cycling
power and going through the F10 method. The Black Box password cannot be read.
The power-on password function can be disabled by setting DIP SW1 position 1 to on (closed).
The administrator password is stored in eight bytes at configuration memory locations 78h-7Fh.
If the administrator password function is enabled, the user is prompted to enter the password
before running F10-Setup or before booting from a ROMPAQ diskette. If an incorrect entry is
made, the system halts and does not boot. The administrator password is also stored in the Black
Box* logic. Black Box logic acting as the sentry for the administrator password by preventing
inadvertent or unauthorized writing to the Flash ROM.
*
Black Box logic is Compaq-proprietary and controlled exclusively through the BIOS ROM.