Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
This chapter is from the book

OpenBoot Security

Anyone who has access to a computer keyboard can access OpenBoot and modify parameters unless you set up the security variables. These variables are listed in Table 3.11.

Table 3.11 - OpenBoot Security Variables

Variable

Description

security-mode

Restricts the set of operations that users are allowed to perform at the OpenBoot prompt.

security-password

Specifies the firmware security password. (It is never displayed.) You should not set this variable directly; you set it by using password.

security-#badlogins

Specifies the number of incorrect security password attempts.


To set the security password, you type the password at the ok prompt, as shown in the following:

New password (only first 8 chars are used): <enter password>
Retype new password: <enter password>

WARNING

Setting the OpenBoot Security Mode It is important to remember your security password and to set it before setting the security mode. If you later forget this password, you cannot use your system; you must call your vendor's customer support service to make your machine bootable again.

If you are able to get to a Unix prompt as root, you can use the eeprom command to either change the security-mode parameter to none or reset the security password.

Earlier in this chapter you learned how to change the OpenBoot parameter security-password from the command line.

After you assign a password, you can set the security variables that best fit your environment.

You use security-mode to restrict the use of OpenBoot commands. When you assign one of the three values shown in Table 3.12, access to commands is protected by a password. The syntax for setting security-mode is as follows:

setenv security-mode <value>

Table 3.12 - OpenBoot Security Values

Value

Description

full

Specifies that all OpenBoot commands except go require a password. This security mode is the most restrictive.

command

Specifies that all OpenBoot commands except boot and go require a password.

none

Specifies that no password is required. This is the default.


The following example sets the OpenBoot environment so that all commands except boot and go require a password:

setenv security-mode command

With security-mode set to command, a password is not required if you enter the boot command by itself or if you enter the go command. Any other command requires a password, including the boot command with an argument.

The following are examples of when a password might be required when security-mode is set to command:

Example

Description

ok boot No password is required.
ok go No password is required.
ok boot vmunix A password is required.

The system displays a password prompt as follows:

Prompt

Description

Password The password is not echoed as it is typed.
ok reset-all A password is required.

The system displays a password prompt as follows:

Prompt

Description

Password Type the password.

Note that with Password, the password is not echoed as it is typed.

If you enter an incorrect security password, there is a delay of about 10 seconds before the next startup prompt appears. The number of times that an incorrect security password can be typed is stored in the security-#badlogins variable, but you should not change this variable.

  • + Share This
  • 🔖 Save To Your Account