[yocto-security] Design for initial expired default password
Richard Purdie
richard.purdie at linuxfoundation.org
Thu Jul 25 18:43:56 AEST 2019
On Wed, 2019-07-24 at 18:06 -0500, Joseph Reynolds wrote:
> I pushed an OpenBMC design to [Gerrit review][] for the OpenBMC project
> for a new distro or image feature (disabled by default) which causes the
> initial password to be disabled by default, so the password has to be
> changed before using the BMC.
>
> This design is intended to make it easier to comply with the new CA law
> [SB-327][] which becomes effective on 2020-01-01 (in 5 months).
>
> - Joseph
>
> [Gerrit review]: https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/23849
> [SB-327]: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327
I'm fine with adding a mechanism like this. I'd suggest it should be an
image feature rather than a distro feature as you'll only realistically
know the users, image usage and so on in the image recipe itself
(locking up an initramfs would be bad).
Cheers,
Richard