Information
Oracle SPARC systems support the use of a EEPROM password for the console.
Setting the EEPROM password helps prevent attackers who gain physical access to the system console from booting from an external device (such as a CD-ROM or floppy).
Solution
Perform the following to implement the recommended state:
# eeprom security-mode=command
# eeprom security-#badlogins=0
After entering the last command above, the administrator will be prompted for a password. This password will be required to authorize any future command issued at boot-level on the system (the ok or > prompt) except for the normal multi-user boot command (i.e., the system will be able to reboot unattended). Write down the password and store it in a sealed envelope in a secure location (note that locked desk drawers are typically not secure). If the password is lost or forgotten, simply log into the system and run the command:
# eeprom security-mode=none
This will erase the forgotten password. If the password is lost or forgotten and this action cannot be completed, then the EEPROM must be replaced to gain access to the system. To set a new password, run the command:
# eeprom security-mode=command