netbsd-users: Re: Is it possible to disable the boot prompt?

Subject: Re: Is it possible to disable the boot prompt?
To: Martin Weber <Ephaeton@gmx.net>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 08/03/2001 14:38:11

On Fri, Aug 03, 2001 at 08:10:26PM +0200, Martin Weber wrote:
> On Friday 03 August 2001 20:05 you've wrote:
> > Hi,
> >
> > On 3 Aug 2001, at 17:00, Jim Breton wrote:
> > > Thanks, that does help.  However one could still put a floppy in the
> > > drive, and at the boot prompt, type "fd0a:/bsd" or whatever to boot
> > > from that disk.  Any way around this?
> >
> > depending on the computer, either disable floppyboot (x86) or
> > remove the floppy.
> 
> Isn't there a "cleaner" software-option-activated way to do it ? I don't see 
> why I should remove my floppy drive from my computer just so nobody can boot 
> off it, if there was a way to simply skip the menu ! I mean that somehow 
> ignorant ;>

It sounds like what you really need is _physical_ security. If someone
can get to your machine and reboot it and load a non-standard kernel,
what's to stop one from unscrewing the hard drive and putting it in
another machine, containing a primary boot disk that lets one do
whatever is desired to the contents of your drive?

You'll also be shooting yourself in the foot - since once you do this
you won't have an easy way to recover from problems booting - making it
hard for someone else will make it harder for you too.

If you still want to do it, look at:

src/sys/arch/i386/stand/biosboot/main.c (I assume Intel here, since people have
been talking about BIOS settings etc)

Specifically, you could recompile after changing

#define TIMEOUT 5
to
#define TIMEOUT 0
(I haven't checked to be sure that holding down a key will not be
caught, if given '0' seconds. Confirm that if you use this method.)

or, replace the line

                c = awaitkey(boottimeout, 1);
with
		c = '\n';

If you'd rather have a password instead of disabling the prompt, look at

src/sys/lib/libsa/checkpasswd.c and modify:

char bootpasswd[16] = {'\0'}; /* into data segment! */

Then rebuild libsa and biosboot, and install your new bootblocks.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
there might find a microwave oven controlled by a Unix system an attractive
idea, controlling a microwave oven is easily accomplished with the smallest
of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)