When the SAKA boots—cold or warm reboot—the appliance provides the option to go into the machine's BIOS Setup to modify its configuration parameters, including access to the Trusted Platform Module (TPM).
The SAKA Model-T appliance relies on the TPM cryptographic hardware to generate, store, and protect the appliances Storage Root Key (SRK) within the TPM. The SRK protects the key hierarchy (described in KAM Key Management) and sensitive data on the appliance.
Access to the TPM is provided either through the system BIOS or programmatically through software. Accessing the TPM through software requires the three Key Custodians to activate the TPM with their respective PINs, but access to the TPM through the BIOS is controlled through the system BIOS password.
While a malicious insider with access to the BIOS cannot compromise encrypted data or keys protected by the TPM, the attacker can clear the TPM. Clearing the TPM erases the SRK, effectively making impossible on that appliance the decryption of any cryptographic key protected by the SRK. This is a permanent effect.
![]() |
StrongKey typically supplies a default password—Abcd1234!—to the BIOS during installation, with instructions to change it immediately. The process to change the password is as follows:
Boot or reboot the appliance.
As soon as BIOS screen prompts are visible, ss the appropriate function key to enter the System Setup.
When prompted for a BIOS password, either type in Abcd1234! or the current password. If there is no BIOS password, the Setup screen will open directly without any prompts.
Navigate to the Security screen and the menu option to set a password for the BIOS Setup.
Change the password. It may prompt once for the current password if one is set. The new password must be entered twice.
Save the password with the appropriate function key prompts and exit the Setup screen.
Repeat this process on all other SAKA servers.