[yocto-security] Design for initial expired default password

Richard Purdie richard.purdie at linuxfoundation.org
Thu Jul 25 18:43:56 AEST 2019

On Wed, 2019-07-24 at 18:06 -0500, Joseph Reynolds wrote:
> I pushed an OpenBMC design to [Gerrit review][] for the OpenBMC
> project 
> for a new distro or image feature (disabled by default) which causes
> the 
> initial password to be disabled by default, so the password has to
> be 
> changed before using the BMC.
> This design is intended to make it easier to comply with the new CA
> law 
> [SB-327][] which becomes effective on 2020-01-01 (in 5 months).
> - Joseph
> [Gerrit review]: 
> https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/23849
> [SB-327]: 
> https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327

I'm fine with adding a mechanism like this. I'd suggest it should be an
image feature rather than a distro feature as you'll only realistically
know the users, image usage and so on in the image recipe itself
(locking up an initramfs would be bad).



More information about the openbmc mailing list