OpenBoot Security

Anyone who has access to the computer keyboard can access OpenBoot and modify parameters unless you set up your security variables. These variables are listed in Table 10.11.

Table 10.11. OpenBoot Security Variables

Variable             Description
security-mode        Restricts the set of operations that users are allowed to perform at the OpenBoot prompt.
security-password    The firmware security password. (It is never displayed.) Do not set this variable directly. This variable is set using password.
security-#badlogins  The number of incorrect security password attempts.

Caution

It is important to remember your security password and to set it before setting the security mode. If you forget this password, you cannot use your system; you must call your vendor’s customer support service to make your machine bootable again.


To set the security password, type the following at the ok prompt:

ok password 
ok New password (only first 8 chars are used): <enter password> 
ok Retype new password: <enter password> 

Earlier, I showed how to change the OpenBoot parameter security-password from the command line.

After assigning a password, you can set the security variables that best fit your environment.

security-mode is used to restrict the use of OpenBoot commands. When you assign one of the following three values, access to commands is protected by a password. The syntax for setting security-mode is as follows:

setenv security-mode <value>
					

The value that you enter for security-mode is one of the three values listed in Table 10.12.

Table 10.12. OpenBoot Security Values

Value    Description
full     All OpenBoot commands except go require a password. This security mode is the most restrictive.
command  All OpenBoot commands except boot and go require a password.
none     No password is required (default).

The following example sets the OpenBoot environment so that all commands except boot and go require a password:

setenv security-mode command 

With security-mode set to command, a password is not required if you type the boot command by itself or the go command. Any other command will require a password, including the use of the boot command with an argument.

The following are examples of when a password might be required when security-mode is set to command:

ok boot            (No password is required.)
ok go              (No password is required.)
ok boot vmunix     (A password is required.)

The system displays a password prompt as follows:

Password           (The password is not echoed as it is typed.)

ok reset-all       (A password is required.)

The system displays a password prompt as follows:

Password           (Type password.)

Note: The password is not echoed as it is typed.

If you enter an incorrect security password, there will be a delay of about 10 seconds before the next startup prompt appears. The number of times that an incorrect security password can be typed is stored in the security-#badlogins variable. The syntax is as follows:

setenv security-#badlogins <variable>
					

For example, you can set the number of attempts to four with the following command:

setenv security-#badlogins 4 
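
The following shell function is an added example, not code from the original text: it audits the security variables described above from the running operating system rather than from the ok prompt. It assumes the name=value lines printed by the Solaris eeprom command; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book). Audits OpenBoot security variables given
# as name=value lines, the format assumed for Solaris eeprom output.
# Returns 0 when security-mode is full or command, 1 otherwise.
audit_openboot() {
    mode="" bad="" rc=0
    while IFS= read -r line; do
        case $line in
            security-mode=*)         mode=${line#*=} ;;
            'security-#badlogins='*) bad=${line#*=} ;;
        esac
    done
    case $mode in
        full)    echo "OK: security-mode=full (all commands except go require a password)" ;;
        command) echo "OK: security-mode=command (all commands except boot and go require a password)" ;;
        none)    echo "FINDING: security-mode=none (no password is required)"; rc=1 ;;
        "")      echo "FINDING: security-mode was not reported"; rc=1 ;;
        *)       echo "FINDING: unexpected security-mode value: $mode"; rc=1 ;;
    esac
    case $bad in
        "")       echo "NOTE: security-#badlogins was not reported" ;;
        *[!0-9]*) echo "FINDING: security-#badlogins is not a number: $bad"; rc=1 ;;
        0)        echo "OK: security-#badlogins=0" ;;
        *)        echo "REVIEW: security-#badlogins=$bad (incorrect password attempts on record)" ;;
    esac
    return $rc
}

# Constructed sample input; on a live system use: eeprom | audit_openboot
sample_eeprom_output() {
    printf '%s\n' 'auto-boot?=true' 'security-mode=none' 'security-#badlogins=2'
}

sample_eeprom_output | audit_openboot || true
```

A nonzero exit status makes the function usable in a scheduled compliance check that alerts when a host is left at the default security-mode of none.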
