Configure OpenBoot Firmware

Ensure that the OpenBoot firmware has specific settings defined to secure firmware variables.

Boot into the OpenBoot firmware and check settings under whenever you deploy a SPARC KMA or upgrade the ILOM firmware on the KMA. If you need to configure the OpenBoot firmware for a KMA, perform the procedure below. For more information, refer to the SPARC T7 or T8 Series Security Guide section on "Restricting Access (OpenBoot)" or to the OpenBoot™ 4.x Command Reference Manual, and the section on "Setting Security Variables". When you boot into the OpenBoot firmware, a password prompt may appear if you have a password already defined.
  1. To display variables:

    ok printenv

  2. Set a security password to restrict the set of operations that users are allowed to perform:

    ok password

    Caution:

    It is important to remember your security password and to set the security password before setting the security mode. If you forget this password, you cannot use your system; you must then use an ILOM account with sufficient privileges to reset the NVRAM.

    You will then be prompted to supply a secure password. The security password you assign must be between zero and eight characters. Any characters after the eighth are ignored. You do not have to reset the system; the security feature takes effect as soon as you type the command.

  3. Set the security mode to either "command" or "full". Full security is the most restrictive and requires the password for any operation, including each time the system boots. For this reason, the "command" mode is recommended.

    ok setenv security-mode command

    ok

  4. It is recommended that you also specify the number of password attempts:

    ok setenv security-#badlogins 10

  5. Now boot the system and verify that it boots correctly:

    ok boot

  6. Log in to the ILOM web-based interface. Navigate to Host Management > Boot Mode. In the Script text box, enter "setenv auto-boot? true" and click SAVE. This configures the host to boot automatically from the default boot device without entering the OpenBoot firmware each time it is booted.
  7. Go to Initial ILOM Configuration to continue the installation.
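
To confirm the variables set in steps 3, 4 and 6, the following added example (not part of the Oracle documentation) audits a saved `printenv` listing, such as one captured from a console session log. The three-column layout separated by runs of spaces and the sample listing are assumptions constructed for illustration; the function names are hypothetical.

```python
import re

# Values set by the procedure on this page ("command" is the recommended mode).
EXPECTED = {
    "security-mode": {"command", "full"},
    "security-#badlogins": {"10"},
    "auto-boot?": {"true"},
}

# Constructed sample listing (not captured from a real KMA).
SAMPLE_BEFORE = """\
Variable Name           Value                          Default Value

security-mode           none                           No default
security-password                                      No default
security-#badlogins     0                              No default
auto-boot?              false                          true
"""

def parse_printenv(text):
    """Map variable name -> current value from a captured printenv listing.

    Assumes the name, value and default columns are separated by 2+ spaces.
    """
    variables = {}
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        if len(fields) < 2 or fields[0].lower().startswith("variable name"):
            continue  # blank line, prompt line, or column header
        # Only two fields means the value column was blank (name, default).
        variables[fields[0]] = fields[1] if len(fields) >= 3 else ""
    return variables

def audit(text):
    """Return a list of findings; an empty list means the settings match."""
    variables = parse_printenv(text)
    findings = []
    for name, allowed in EXPECTED.items():
        value = variables.get(name)
        if value is None:
            findings.append(f"{name}: not present in listing")
        elif value not in allowed:
            findings.append(f"{name}: is {value!r}, expected {' or '.join(sorted(allowed))}")
    if variables.get("security-mode") == "full":
        findings.append("security-mode: 'full' prompts at every boot; 'command' is recommended")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BEFORE):
        print(finding)
```

The listing never shows the security password itself, so this check cannot confirm that step 2 was completed.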