On Jun 15, 2007, at 15:34:52, Jan Engelhardt wrote:
Perhaps live cd? In which case, the OP should, as recommended in
this thread already, deactivate choosing boot devices, if that's
possible.
(Unfortunately, newer BIOSes with 'integrated bootmenu' with F8 or
so, but I have not seen a way to deactivate _that_ menu.)
Heh, with virtually every PC BIOS I've seen, the procedure is
something like this:
1) Reboot into BIOS
2) Set a BIOS "Supervisor Password" (as opposed to "User" or "Boot"
password)
3) Go to the "Boot Devices" list and uncheck everything except "Hard
Disk"
4) Go to the "USB Stick Hard Disk Emulation" feature and turn that off
5) Save settings to BIOS and reboot (Usually "F10" or "ESC-Y" )
The "Integrated BootMenu (F8)" stuff only lists boot devices that are
enabled in the BIOS. If everything but the hard disk is disabled
then pressing (F8) is _really_useful_ :-)
1) Boot from Hard Disk
2) Enter BIOS Setup
Of course, choosing option 2 is also quite an entertaining thing for
the student:
,--------------------------.
| Enter Password: ******** |
`--------------------------'
And since they don't actually know the password, it's followed by the
inevitable:
,--------------------------.
| Invalid Password |
`--------------------------'
Admittedly there are more things to turn off than with older BIOSen,
but there are also more features too. Of course, with OpenFirmware-
based systems (like the PowerPC macs) it's scriptable and doesn't
require rebooting.
1) Install the "nvsetenv" utility via your distro
2) Encode your password by xoring each character's ascii value
with 0xAA and printing the result in hex. This perl oneliner will do
it easily (Change 'my-password' to your plain-text password).
perl -ne 'map { printf "%%%02x", 0xaa ^ ord($_) } split //, $1;
print "\n"' my-password
For example, the password "linux" is encoded as "%c6%c3%c4%df%d2"
3) Run "nvsetenv security-password %c6%c3%c4%df%d2", where the
hex stuff is your encoded password
4) Run "nvsetenv security-mode command"
Then it auto-locks all possible ways of modifying the open-firmware
boot device or specifying alternative boot options. The only way to
get around it on most systems is with the firmware-reset button on
the inside of the case or moving RAM around and rebooting with some
magic key combo held down (Cmd-Opt-P-R on mac systems). Typically if
your students can do that there's exactly nothing you can do to
prevent them from doing whatever they want. They could always just
stick in a different hard-drive, after all.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]