Removing OBP/EEPROM passwords (was RE: [rescue] ID this card???)

Loomis, Rip rescue at sunhelp.org
Fri Jul 13 08:03:42 CDT 2001 

There may be a simpler way to remove the OBP password...

Alternative method 1:
The options for "security-mode" are none, full, and 
command.  If you have a system which is set to "full",
then it won't boot at all without the password (even
from the default boot device) and you will need to
pull the chip.

It's much more common, however, for a system coming
out of a sensitive environment to have the security-mode
set to "command".  You don't need to pull the chip to
get around this one--just:
1.  Figure out the SCSI ID of the default boot device
2.  Pull any internal drives that correspond to the
    default boot device.
2a. If the default boot device was "net", then you'll
    need to set up a boot server...the easiest way to
    do that and recover the system is a jumpstart
    server--let me know if you need info on that.
3.  Hook up an external CD-ROM, and change its SCSI
    ID to match the default boot device
4.  Boot up off Solaris installation media, and open
    up a terminal window (or get console access) as
    root.
5.  Use the command "eeprom security-mode=none" as root
    to un-require the PROM password.

Once upon a time, I got a well-loaded SPARC 5 for $40
because the seller didn't know how to do the above.
YMMV.  Alternative method 2, BTW, is essentially the
same as above, but it's for people who have another
similar system which they *can* boot...just swap the
hard drive from the accessible system into the one that
has the PROM password set.  Alternative method 3 (for
completeness) is for the case where the PROM password
is set but you can boot the system and log in as root...
in which case the "eeprom" command is your friend.

If the security-mode is set to "full", though, then
it's time to pull chips and James L.'s procedure is
the gospel.

--
Rip Loomis
Senior Systems Security Engineer, SAIC CIST
Brainbench MVP for Internet Security
http://www.brainbench.com  [Transcript 1923411]


> -----Original Message-----
> From: Jeff Borisch [mailto:jborisch at columbus.rr.com]
> Sent: Thursday, 12 July, 2001 23:28
> To: rescue at sunhelp.org
> Subject: Re: [rescue] ID this card???
> 
> 
> s at avoidant.org wrote:
> 
> > The classic seems to
> > have a prom password. Any known way of getting around
> > (or rid of) it? No boot happening now :(
> > 
> 
> Here is a good description of what to do... written by list 
> member James
> (Lockwood?) It worked for me.
>

More information about the rescue mailing list