Move away from default password

Adriana Kobylak anoo at linux.ibm.com
Tue Jun 18 04:41:30 AEST 2019


>> 1. Unique password per BMC.
>> In this approach, there is a way to change the factory default 
>> password.  Example flow: assemble the BMC, test it, factory reset, 
>> generate unique password (such as `pwgen`), then use a new function 
>> “save factory default settings” which would save the current 
>> setting into a new “factory settings” flash partition. After that, 
>> a factory reset would reset to the factory installed password, not to 
>> the setting in the source code.

How would this new "factory settings" flash partition be protected 
against being modified by an unauthorized or malicious user?

>> Presumably the new factory default would be printed on a sticker, or 
>> something.
>> Are there any other factory settings (settings unique to each device) 
>> that would benefit from being set like this?
>> One downside to this approach is someone who orders 100 systems has to 
>> enter 100 unique passwords.
>> 


