PC configuration data, such as boot-up sequences, passwords, access rights, etc., must be protected in order to ensure the authenticity of the user and the Boot source. Some of this data (e.g., Boot sequences and access rights) maybe viewed by anyone, but this data must be protected from overt or inadvertent change. Other data (e.g., passwords) must be completely hidden. The usual method of protecting system configuration and security data is to hide all of it in a protected non-volatile random access memory (NVRAM). During Power-On-Self-Test (POST), system configuration and access data are used to verify the identity of the user and to determine the appropriate access rights and Boot devices. POST is a series of built-in diagnostics performed by the BIOS in a PC when the computer is first started or powered up. Just before boot, POST locks the system configuration and access data in a NVRAM device. While this provides adequate security of the access data, it makes it difficult to remotely change the system configuration data.
There is, therefore, a need for a method to protect the system configuration and access data from unauthorized users, yet provide for a method of easily changing the system configuration via an authorized runtime management agent.