Title: Securing the boot PROM

KBTAG: kben10000085
URL: http://www.securityportal.com/lskb/10000050/kben10000085.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Securing the boot PROM
Keywords: Console

Summary:

Like the BIOS in a PC, the boot PROM in SPARC and UltraSPARC hardware has a number of security-related features.

More information:

There does not yet appear to be a Linux equivalent to the Solaris "eeprom" command, which is used to modify the EEPROM settings. However, if you have Solaris installed you can modify the EEPROM settings. There are three security modes:

none - no password is required and all OpenBoot settings can be modified; basically no security.

command - all commands except for boot and go require the password. You can boot from the default partition, and you can hit Stop-A and then go, but the password is required to modify anything.

full - all commands except for go require the password.

Obviously "full" is the most secure and should definitely be applied to important servers. To set these use:

#eeprom security-password=

to first set the password, and then:

#eeprom security-mode=[insert mode here]

Lastly, you can set the boot banner using:

#eeprom "oem-banner?=true"
#eeprom oem-banner="Example.org, no unauthorized access allowed"
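
The settings described above can be checked from a script. The following is an added example, not part of the original article: it parses the name=value lines that eeprom prints when run with no arguments and reports a security-mode weaker than "full" or a disabled banner. The function name audit_prom and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit OpenBoot PROM settings from `eeprom` output.
# On a Solaris host, as root:  eeprom | audit_prom
# Prints one line per finding; returns 0 if clean, 1 otherwise.

audit_prom() {
    awk '
        {   # Split on the first "=" only; banner text may contain "=".
            i = index($0, "=")
            if (i == 0) next   # e.g. "security-password: data not available."
            v[substr($0, 1, i - 1)] = substr($0, i + 1)
        }
        END {
            bad = 0
            mode = ("security-mode" in v) ? v["security-mode"] : "(missing)"
            if (mode == "command") {
                print "WARN security-mode=command: boot and go need no password"
                bad = 1
            } else if (mode != "full") {
                print "FAIL security-mode=" mode ": expected full"
                bad = 1
            }
            if (v["oem-banner?"] != "true") {
                print "WARN oem-banner? is not true: custom banner not shown"
                bad = 1
            } else if (v["oem-banner"] == "") {
                print "WARN oem-banner? is true but oem-banner is empty"
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_WEAK='auto-boot?=true
security-mode=none
security-password: data not available.
oem-banner?=false
oem-banner: data not available.'

SAMPLE_HARDENED='auto-boot?=true
security-mode=full
security-password: data not available.
oem-banner?=true
oem-banner=Example.org, no unauthorized access allowed'
```

To try it without a SPARC machine, pipe one of the samples in: printf '%s\n' "$SAMPLE_WEAK" | audit_prom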