Move away from default password

[Carter Su(苏孝)]

Having a default password is a security risk, but if per BMC has an unique password, it may not very convenient for customer to use.
Customers will change the default password when they install new machinery, or they may creat new account and password for BMC to use.


Carter Su


---------- Forwarded message ---------
From: Stewart Smith <stewart at linux.ibm.com>
Date: Tue, Jun 18, 2019 at 6:59 AM
Subject: Re: Move away from default password
To: Adriana Kobylak <anoo at linux.ibm.com>, Joseph Reynolds <jrey at linux.ibm.com>
Cc: openbmc <openbmc-bounces+anoo=linux.ibm.com at lists.ozlabs.org>,
Openbmc <openbmc at lists.ozlabs.org>, Thomaiyar, Richard Marian <richard.marian.thomaiyar at linux.intel.com>


Adriana Kobylak <anoo at linux.ibm.com> writes:
>>> 1. Unique password per BMC.
>>> In this approach, there is a way to change the factory default 
>>> password.  Example flow: assemble the BMC, test it, factory reset, 
>>> generate unique password (such as `pwgen`), then use a new function 
>>> “save factory default settings” which would save the current setting 
>>> into a new “factory settings” flash partition. After that, a factory 
>>> reset would reset to the factory installed password, not to the 
>>> setting in the source code.
>
> How would this new "factory settings" flash partition be protected 
> against being modified by an unauthorized or malicious user?

My guess would be it'd be protected the same way that the default password is today: not at all. If an attacker can write to flash, the only way to reset the box is to dediprog the BMC flash chip.

--
Stewart Smith
OPAL Architect, IBM.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4084 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190620/265441d4/attachment-0001.bin>