The NVRAM system security variables are:
security-mode
security-password
security-#badlogins
security-mode can restrict the set of operations that users are allowed to perform from the User Interface. The three security modes, and their available commands, are listed in the following table in the order of most to least secure.
Table 3-4 Commands Available for security-mode Settings
Mode |
Commands |
---|---|
full |
All commands except for go require the password. |
command |
All commands except for boot and go require the password. |
none |
No password required (default). |
With security-mode set to command:
A password is not required if you type the boot command by itself. However, if you use the boot command with an argument, a password is required.
The go command never asks for a password.
A password is required to execute any other command.
Examples are shown in the following screen.
ok boot (no password required) ok go (no password required) ok boot filename (password required) Password: (password is not echoed as it is typed) ok reset-all (password required) Password: (password is not echoed as it is typed)
It is important to remember your security password and to set the security password before setting the security mode. If you forget this password, you cannot use your system; you must call your vendor's customer support service to make your machine bootable again.
To set the security password and command security mode, type the following at the ok prompt:
ok password ok New password (only first 8 chars are used): ok Retype new password: ok setenv security-mode command ok
The security password you assign must be between zero and eight characters. Any characters after the eighth are ignored. You do not have to reset the system; the security feature takes effect as soon as you type the command.
If you enter an incorrect security password, there will be a delay of about 10 seconds before the next boot prompt appears. The number of times that an incorrect security password is typed is stored in the security-#badlogins variable.
The full security mode is the most restrictive. With security-mode set to full:
A password is required any time you execute the boot command.
The go command never asks for a password.
A password is required to execute any other command.
ok go (no password required) ok boot (password required) Password: (password is not echoed as it is typed) ok boot filename (password required) Password: (password is not echoed as it is typed) ok reset-all (password required) Password: (password is not echoed as it is typed)
It is important to remember your security password and to set the security password before setting the security mode.. If you forget this password, you cannot use your system; you must call your vendor's customer support service to make your machine bootable again.
To set the security password and full security, type the following at the ok prompt:
ok password ok New password (only first 8 chars are used): ok Retype new password: ok setenv security-mode full ok