Move away from default password
Adriana Kobylak
anoo at linux.ibm.com
Tue Jun 18 04:41:30 AEST 2019
>> 1. Unique password per BMC.
>> In this approach, there is a way to change the factory default
>> password. Example flow: assemble the BMC, test it, factory reset,
>> generate unique password (such as `pwgen`), then use a new function
>> “save factory default settings” which would save the current
>> setting into a new “factory settings” flash partition. After that,
>> a factory reset would reset to the factory installed password, not to
>> the setting in the source code.

How would this new "factory settings" flash partition be protected
against being modified by an unauthorized or malicious user?

>> Presumably the new factory default would be printed on a sticker, or
>> something.
>> Are there any other factory settings (settings unique to each device)
>> that would benefit from being set like this?
>> One downside to this approach is someone who orders 100 systems has to
>> enter 100 unique passwords.
>>