What kind of safety does the BIOS password guarantee?

Asked 2 years ago, Updated 2 years ago, 101 views

Question

What are typical BIOS passwords and what kind of safety do they guarantee?

Background

When I was reading someone else's question, I noticed that there were several things called BIOS passwords. If you look at English Wikipedia, it says that there are many different passwords in the BIOS, as follows:

Setting various passwords, such as a password for securing access to the BIOS user interface functions itself and preventing malicious users from booting the system from unauthorized portable storage devices, a password for booting the system, or a hard disk drive password that limits access to it and stays assigned even if the hard disk drive is moved to another computer

In other words, there are at least three types:

When I was thinking about how this works, I realized that there were a few things I didn't know.

  • What exactly does the first password want to protect in the BIOS settings? Do you mean that you want to prevent inadvertent changes in the boot order? But if you can replace the connected storage itself, won't you be able to boot from another storage without changing the boot order?
  • I understand that the second password is to request a password before the OS starts up, so that it won't log in unauthorizedly, for example, after booting the system over the network, such as a bug in the operating system or other software.
  • Where is the third password stored in the first place? Even if I try to protect my hard disk, I feel like I'm going to get up if I just take it out and boot it to another system, but is that not possible?

Overall, there is a lack of understanding of how BIOS is implemented, and it is impossible to determine what each password is protecting and what it really means.

So, I have a question: What are the typical BIOS passwords and what kind of security do they each guarantee? I mean, what assumptions do each password keep? In what situations does it make no sense to set a password?

security bios

2022-09-30 14:12

2 Answers

I think the response will vary depending on the manufacturer, but I will try to answer with reference to the Dell example.

Password to request when launching the BIOS UI.

I think the main purpose is to prevent inadvertent configuration changes, including misoperation.

In most cases, pressing a specific key will cause the BIOS screen to boot, but unfamiliar users may unintentionally boot and change the settings without knowing what to do.

Password to request when booting the system.

As for the password to protect the system, if it is physically accessible (=removed) as you are concerned, the contents will be read.

Password to request before accessing the hard disk.

The hard drive itself is set with a password, so even if it is pulled out, it will not be able to sneak a look inside.

There seems to be a way to set it up from Windows, so I think it's just a way to set it up on a hard drive rather than a BIOS feature.

reference:
What passwords can be set in the BIOS - Dell Community


2022-09-30 14:12

I think how meaningful it is will change depending on usage and purpose of use, so I will answer with specific usage examples.

PCs commonly used by multiple users, such as study PCs in school classrooms and PCs for users in PC rooms.

These PCs are not easily broken down by security locks and are not easily taken out by security wires. It's not really impossible, but if you don't have a proper key, you'll have to force it open with a tool, so think it's impossible to extract only the HDD (which may be SSD, but I won't tell you in this answer).

What these PCs must prevent is that they go beyond the limitations of the features available to them. To prevent attacks on the network or other PCs, users should not be given administrative privileges and should limit the available features. It means that they should not be torn. The minimum requirement is to properly configure and manage the operating system, such as not giving users administrative privileges.

What we need to think about is how to prevent the above restrictions from being removed without going through the OS. No matter how strong and configured the operating system is, if you can boot another operating system from a DVD or USB, you have the freedom to modify the hard drive in your PC. In such cases, there are many ways to deprive the hard drive of administrative privileges unless it is encrypted separately. In other words, you need to prevent another OS boot.

The BIOS allows you to limit the number of bootable devices. It can only boot to the hard drive in the PC and not to the DVD or USB. However, no matter how much you limit the settings, there is no point if the user can manipulate the BIOS settings. This is because you can change the BIOS settings and boot from a DVD or the like. That's where the password you'll need to launch the BIOS UI appears.

If the password required to start the BIOS UI is set, users who do not know the password cannot change it to boot from a DVD or the like, so they cannot use a different operating system. Because the hard drive cannot be physically pulled out, the user will not have the means to modify the hard drive in the PC to suit their convenience. This prevents the administrator from attempting to exceed the limit.

Therefore, it is essential to set the password required to launch the BIOS UI on these shared PCs. It also means preventing mischief, such as setting the BIOS strangely and disabling it.

This does not mean that security is complete, but it is just one of the things to be implemented to prevent other OS boot restrictions from being avoided.

Depending on the manufacturer, you may be able to change the BIOS settings from the OS. Even so, administrator privileges are required to make configuration changes, and users are not allowed to make configuration changes in principle.


2022-09-30 14:12
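
A check an administrator could run on the shared PCs described in the answer above, to confirm that the boot-device restriction is actually in place (added example, not part of the original answers). It assumes a UEFI machine running Linux with `efibootmgr` available; the sample output is constructed, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample of `efibootmgr -v` output (not captured from a real machine).
SAMPLE = r"""BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0003
Boot0001* Internal disk OS  HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\EFI\os\loader.efi)
Boot0002* UEFI: USB flash drive  PciRoot(0x0)/Pci(0x14,0x0)/USB(2,0)
Boot0003* UEFI: PXE IPv4  PciRoot(0x0)/Pci(0x1f,0x6)/MAC(aabbccddeeff,0)/IPv4(0.0.0.0,0,DHCP)
Boot0004  DVD drive  PciRoot(0x0)/Pci(0x17,0x0)/Sata(1,0,0)/CDROM(0,0x0,0x0)
"""

# UEFI device-path nodes that indicate something other than the internal disk.
EXTERNAL_NODES = {"USB": "usb", "MAC": "network", "CDROM": "optical"}
ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")

def parse(output):
    """Return (boot_order, entries); entries maps entry id -> details."""
    order, entries = [], {}
    for line in output.splitlines():
        if line.startswith("BootOrder:"):
            order = [x.strip().upper() for x in line.split(":", 1)[1].split(",") if x.strip()]
            continue
        m = ENTRY_RE.match(line)
        if m:
            num, star, rest = m.groups()
            kinds = sorted({kind for node, kind in EXTERNAL_NODES.items()
                            if re.search(r"[/\s]" + node + r"\(", rest)})
            entries[num.upper()] = {"active": star == "*", "kinds": kinds}
    return order, entries

def audit(output):
    """Report every entry that can boot from USB, network or optical media."""
    order, entries = parse(output)
    findings = []
    for num, entry in sorted(entries.items()):
        if not entry["kinds"]:
            continue  # internal disk entry, nothing to report
        if entry["active"] and num in order:
            state = "in BootOrder"
        elif entry["active"]:
            state = "active, not in BootOrder"
        else:
            state = "inactive"
        findings.append((num, "+".join(entry["kinds"]), state))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

On a real machine, feed the text printed by `efibootmgr -v` to `audit()`; any entry reported as anything other than `inactive` is one to review against the boot restriction the answer describes.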
