One of my long-term goals is maximizing my computer security. Over roughly the past two years I went from better-than-average settings to seriously trying to harden my operating systems as well as possible.
As I mentioned previously, my Windows knowledge is pretty much stuck in the XP era. XP isn’t quite representative of the state of current Microsoft operating systems. When reading “Windows 11”, many people instinctively think of telemetry, software bloat, Copilot, forced online accounts and all this rubbish. I’m more interested in the things under the hood, for example Virtualization‑Based Security (VBS), Hypervisor‑Protected Code Integrity (HVCI) and App Control for Business. I needed a pretty recent device offering the hardware Windows 11 expects (TPM 2.0, CPU with IOMMU, Secure Boot using year 2023 certificates) to do experiments… without playing around with my mum’s computer.
Dell Latitude 3420
Yesterday I got a used Dell Latitude 3420 manufactured in March 2022 for a good price. This is an entry-level, small (14″) business laptop with modest specs. Exactly what I needed. Seeing several USB connectors, a headphone jack, micro-SD card reader, HDMI and Ethernet, I’m quite happy with the connectivity. Battery still going strong.
I’ve opened the back cover to find only one of two SO-DIMM slots is occupied with 1x16GB DDR-4. Due to currently insanely inflated RAM prices I can’t even think of upgrading to 2x32GB which this laptop is supposed to support.
Windows 11 25H2 Professional is preinstalled. The previous owner even updated the BIOS/UEFI to the latest version. BitLocker with XTS-AES 256 using enhanced PIN+TPM as protector works like a charm.
Slowly you, the reader, might start wondering why the title of this entry contains “Sinchen Rant” given that I solely listed pleasant things making me happy. I’m glad you asked!
BIOS/UEFI Password
Protecting your BIOS/UEFI with a mediocre password in order to prevent an attacker from starting their own OS or tampering with settings is good practice. I do it on all of my computers. Naturally I did it on the Dell. AND THEN I GOT VERY ANGRY!!
This stupid piece of dogsh*t of a laptop insisted on locking me, its new owner, out…pretending I typed an “invalid password”. What was happening? Could I have made the same typo twice entering the password I’m used to typing every day? Have I become senile?
For half an hour I typed variants of my password to no avail. I even started looking up master password generators (Spoiler: Doesn’t work on recent Dell models). Did I just trash a laptop within the first hour of working with it? Do I have to contact support, send them proof of ownership and beg for an unlock?
Angrily I typed the password once more. Quickly, as usual, not paying attention to typing it correctly. Password correct! Laptop happy. Sinchen confused. Now change the apparently wrongly saved password! Well F…! Type the old password again before you can set a new one: Invalid, invalid, invalid.
STUPID LAPTOP! I AM YOUR MASTER! BOW DOWN AND OBEY YOUR MASTER’S COMMANDS!
Unimpressed, the laptop ignored my yelling until I typed the password quickly again. Suddenly it was correct and I noticed the number of * characters was one fewer than it should be.
Solution
The keyboard polling in this UEFI is slow and garbage. Typing repeated characters like ee, nn, oo quickly often results in only one being acknowledged. Same for the Shift key. Pressing it or letting it go while typing quickly might result in a wrong capital letter instead of a small letter or vice versa. I typed the correct password at snail speed to make sure the UEFI would record it correctly this time. R o u g h l y_o n e_ l e t t e r_ p e r_ s e c o n d. Now my password is saved correctly, but entering UEFI setup still requires typing really slowly.
No problems on BitLocker enhanced PIN (basically a complex password). No problems typing complete texts in Windows.
This madness almost cost me a newly obtained laptop, since it seems Dell got better at preventing bypasses. Not saying there is no bypass, but officially some Dell computers can be set to a mode where support allegedly is unable to help other than by motherboard replacement.
What a great way to start a morning! At least with a good ending.
I hate my life!