A method, computer program product and computer system for securing
alterable data. A computer that is remotely managed may be equipped with
a protected storage that is accessible only by BIOS code. The protected
storage may have the capacity to store a symmetrical encryption key. An
EEPROM, which normally contains the BIOS code, may be used to store
accessible configuration data as well as remotely inaccessible sensitive
access information (e.g., passwords). The remotely inaccessible sensitive
data is encrypted with the symmetrical encryption key by the BIOS code.
Remote access to the sensitive data is accomplished via change requests
submitted to the BIOS code over a secure channel. The BIOS code then
determines whether the request is valid. If so, the sensitive data is
decrypted, altered, encrypted, and re-written into the EEPROM. Normal
access to accessible data is unaffected and remote access is allowed
without changing the computer system architecture.
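
The change-request flow described above, as an added Python sketch (not code from the patent). The names `Bios`, `handle_change_request`, `seal` and `unseal` are hypothetical, the EEPROM is modelled as a dict, the cipher is a standard-library stand-in (HMAC-SHA256 keystream with a MAC) for the unspecified symmetric algorithm, and the validity rule (the request must carry the current password) is an assumption.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode (stdlib only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("sensitive EEPROM region failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Bios:
    """Only this class touches the key, as only BIOS code reads protected storage."""
    def __init__(self, eeprom, initial_password):
        self._key = os.urandom(32)            # symmetric key in protected storage
        self.eeprom = eeprom                  # dict modelling the EEPROM contents
        eeprom["sensitive"] = seal(self._key, initial_password)

    def handle_change_request(self, current_password, new_password):
        # Assumed validity rule: the request must prove knowledge of the current password.
        stored = unseal(self._key, self.eeprom["sensitive"])          # decrypt
        if not hmac.compare_digest(stored, current_password):
            return False                                              # invalid: no write
        self.eeprom["sensitive"] = seal(self._key, new_password)     # alter, encrypt, re-write
        return True

def demo():
    eeprom = {"config": b"boot_order=net,disk"}   # constructed sample; stays readable
    bios = Bios(eeprom, b"old-admin-pw")           # constructed sample password
    rejected = bios.handle_change_request(b"guess", b"evil")
    accepted = bios.handle_change_request(b"old-admin-pw", b"new-admin-pw")
    return rejected, accepted, eeprom["config"]

if __name__ == "__main__":
    print(demo())
```

The plaintext `config` entry is never touched by the change path, which mirrors the statement that normal access to accessible data is unaffected.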