Path: utzoo!utgpu!attcan!uunet!lll-winken!ames!husc6!rice!sun-spots-request
From: gww@sun.com (Gary Winiger)
Newsgroups: comp.sys.sun
Subject: L1-A
Message-ID: <8812282013.AA00265@marduk.Sun.COM>
Date: 6 Jan 89 23:38:17 GMT
Sender: usenet@rice.edu
Organization: U.Va. CS in Charlottesville VA
Lines: 21
Approved: Sun-Spots@rice.edu
Original-Date: Wed, 28 Dec 88 12:13:53 PST
X-Sun-Spots-Digest: Volume 7, Issue 90, message 5 of 9

There has recently been discussion of bypassing operating system security
by using the PROM monitor.  Various solutions have been proposed such as
disabling L1-A in the kernel and fixing the PROM monitor.

As of version 2.8 of the PROM monitor, three security modes are provided:
1) Non-secure mode provides complete access to the PROM commands as is the
case in earlier PROM monitors.  2) Command secure mode requires the entry
of a password to access commands other than Boot and Continue with no
parameters.  This permits ``normal'' operation of powering up, booting,
crashing and rebooting.  3) Fully secure mode requires the entry of a
password to access all commands other than Continue with no parameters.
This effectively locks the workstation if it is power cycled, or crashed.
If the workstation is in the fully secure mode and the password is
forgotten, the workstation can't be booted and the CPU board must be
serviced as a failed board.

When it's available, the 2.8 PROM will be shipped in all new workstations.
When a workstation starts its boot sequence, it displays the PROM revision
level.

Gary..