A method of protecting basic input/output system (BIOS) code. The method includes, with a relocation information tool executed by a processor, refactoring a number of data sections within a number of handlers of the BIOS code to tag a number of variables within the handlers. The tags indicate which of the variables should be protected at runtime. The method further includes generating a relocation file comprising a number of relocation addresses identifying locations of a number of dynamic variables that change at runtime. The relocation addresses point to a location within the handlers different from an original location. The method further includes, with a loader, loading at runtime the relocation file as part of a BIOS firmware image and adjusting data access to the dynamic variables in handler code to identify the location of the dynamic variables based on the relocation file.