[OpenPower-Firmware] Implementing Users/Passwords in Petitboot
Jeremy Kerr
jk at ozlabs.org
Fri Mar 16 17:41:25 AEDT 2018
Hi Stewart,
>> Yeah, I think that's fine. The only drawback is that it allows an
>> unauthenticated user to prevent the boot indefinitely, but there are
>> probably other ways to do that once you have access to a console.
>
> Is there?
Not specifically using the console, but using the credentials you've
used to access the console.
If you have IPMI (or similar) credentials to access the SoL channel, you
can just turn the machine off.
If you have local access to the machine to plug serial in directly, you
can unrack it and put it in the bin.
... both of these giving the same denial-of-service results.
Unless we have finer-grained authorisation on console access vs. power
control, that is.
Cheers,
Jeremy
More information about the OpenPower-Firmware
mailing list