[OpenPower-Firmware] Implementing Users/Passwords in Petitboot

Jeremy Kerr jk at ozlabs.org
Fri Mar 16 15:06:12 AEDT 2018


Hi Sam,

> This is a good point; I reckon if we're going to implement any of this we
> should go the whole way and get as close to (3) as is reasonable.

Yep, otherwise all we're doing is obscuring the ability to change those
settings from a different (but equally privileged) environment - the
booted OS.

> Perhaps we would still allow the user to 'pause' a countdown to see
> system information or logs - basic information that a normal user may
> want to see.

Yeah, I think that's fine. The only drawback is that it allows an
unauthenticated user to prevent the boot indefinitely, but there are
probably other ways to do that once you have access to a console.

> I liked the idea mentioned elsewhere of having pb-discover use the
> connecting process's UID to determine privileges, but looking into ways
> to do that we'll probably need to keep an eye on portability (eg. ucred
> structs).

We're already pretty linux-specific, relying on udev and kexec...

Cheers,


Jeremy


More information about the Petitboot mailing list