Sun Fire V240 Server
 
Sun Fire V440 Server
 
Sun Fire V480 Server
 
Sun Fire V490 Server
 
Sun Fire V880 Server
 
Sun Fire V890 Server
 

PLA-Support>Sun Systems>SPARC>Usx/Blade/Netra>SN-SPARC: USx
 
.Old GCS Categories>Sun Microsystems>Servers>Entry-Level Servers
 

It is always recommended that all systems have their OBP protected. This is to make sure that non-authorized personnel cannot boot the system from any external device (hard disk, or CD-ROM) and get complete control over the system.

There are three levels of security in OBP as explained below. The default is 'none'.

Setting the OpenBoot Password:

1. From Solaris[TM] Prompt:

# eeprom security-password
Changing PROM password:
New password:********
Retype new password:********
# 

2. From OpenBoot Prompt:

ok password
ok New password (only first 8 chars are used):********
ok Retype new password:********

Setting OpenBoot Security Level:

1. From Solaris Prompt:

The following line sets the security level to 'full'

# eeprom security-mode=full

2. From OpenBoot Prompt:

The following line sets security level to 'command'

ok setenv security-mode command

Resetting OpenBoot Number of Incorrect Password Attempts:

The security-#badlogins OBP parameter records the number of failed security password attempts.

When changing other OBP security parameters, it is good practice to reset the value of the parameter security-#badlogins to zero - if it wasn't already initialized -, so that the number of incorrect security password attempts can be detected.

1. From Solaris Prompt:

The following line resets the OBP parameter security-#badlogins

# eeprom security-#badlogins=0

2. From OpenBoot Prompt:

The following line resets the OBP parameter security-#badlogins

ok setenv security-#badlogins 0

Warning:

• If the OBP password is forgotten and security mode is set to 'full', it can only be changed with 'eeprom' command from Solaris prompt with user root.

• If both OBP and root passwords are forgotten and security mode is 'full', the system PROM must be replaced, because you cannot boot from CD-ROM to recover the root password without the OBP password.

NOTE:

SPARC (R)
Information in this document is applicable for SPARC based systems, because they implement firmware password protection with eeprom using the security-mode, security-password and security-#badlogins properties.

IA
In IA based systems (where Solaris x86 can run), OBP security parameters have no special meaning or behavior.
EEPROM storage is simulated using a file residing in the platform specific boot area. The /platform/platform-name/boot/solaris/bootenv.rc file simulates EEPROM storage. Because IA based systems typically implement password protection in the system BIOS, there is no support for password protection in the eeprom program. While it is possible to set the security-mode, security-password, and security-#badlogins properties on IA based systems, these properties have no special meaning or behavior on IA based systems.

This solution has no attachment