Subject: Re: resetting SRM secure mode on XP1000
To: None <axp-list@redhat.com, port-alpha@netbsd.org>
From: Ken Raeburn <raeburn@raeburn.org>
List: port-alpha
Date: 07/31/2004 15:33:12
(Forwarding details to both axp-list@redhat and port-alpha@netbsd,
'cuz I asked on both, and want to make sure the answer's available at
both, and Jay's having problems with his email. Forwarding headers
and superfluous quoted text deleted.)
Jay Estabrook to the rescue! :-)
Jay's procedure, included below, worked like a charm. I would just
add one note, that the hex dumps from "hd" appears to display
addresses relative to the starting point specified for the dump, not
from the start of EEPROM memory. So in the second dump, you want to
interrupt it fairly quickly, or pipe it through "more" and quit after
the first page. Don't wait for it to get up to the 18XX range. (I
did, and since I was looking at the wrong memory, couldn't confirm the
proper storing of the zero values. I ignored it and continued on,
rather than doing another dump, but it worked out fine.)
Ken
Date: Wed, 28 Jul 2004 18:05:54 -0400
From: Jay Estabrook <jestabro@linux04.mro.cpqcorp.net>
On Wed, Jul 28, 2004 at 04:21:25PM -0400, Ken Raeburn wrote:
> The SRM console claims that it's "secure", and won't let me do
> anything but boot from the default device (disk). Can't set
> variables, can't boot from CD or net, can't switch to AlphaBIOS, can't
> upgrade the console firmware.
>
> Does anyone know how to reset this "secure" mode?
Yup... :-)
--Jay++
---------------------------------------------------------------
Jay A Estabrook HPTC - LINUX support
Hewlett-Packard Company - ZKO2-3/N30 (603) 884-0301
110 Spit Brook Road, Nashua NH 03062 Jay.Estabrook@hp.com
---------------------------------------------------------------
Procedure
0. This procedure will change the contents of the EEROM, making
the checksum invalid, which, on subsequent reset or power cycle
will cause defaults to be restored, losing any previous settings.
!!!! YOU HAVE BEEN WARNED !!!!
1. Connect the Serial Terminal to the Comm1 Port on the back of the
XP1000, using an appropriate 9-pin serial adapter.
2. !!!! THIS IS VERY IMPORTANT !!!!!!
Make a note of existing variables, such as boot parameters &
network settings, as these may be lost in the following process.
3. From the SRM prompt on the graphic terminal type:
>>> login (this will load the eeprom variables into system memory)
4. When the graphic terminal displays "Please enter the password:",
go to the serial terminal.
5. Type return on the serial terminal to get the SRM Prompt (>>>)
6. Type:
>>> show *
7. !!!! AGAIN, THIS IS VERY IMPORTANT !!!!!!
Record all boot parameters and network settings that may need to
be re-installed
8. At the SRM prompt on the Serial Terminal type:
>>> hd eerom:0 | more <cr>
Page down until the address on the left reaches 00001800.
9. The Serial Terminal will display something similar to the following:
00001800 06 E4 06 00 19 00 65 77 61 30 5F 6D 6F 64 65 00 .d....ewa0_mode.
00001810 54 77 69 73 74 65 64 2D 50 61 69 72 00 14 00 70 Twisted-Pair...p
00001820 61 73 73 77 6F 72 64 00 31 33 31 65 35 39 62 65 assword.131e59be
10. Note the ASCII representation of the data from address 1820
appears to be 'assword.131e59be'. This is NOT the actual
password, please continue with the process as described below.
11. The 18xx addresses shown above will differ for each machine,
depending on what Environmental Variables are stored in the
EEPROM.
12. Change 1820 in the following SRM commands to match the address
on your system, and type the following command on the serial
terminal
>>> d eerom:1820 0 <cr>
(this will deposit 0's into the memory location containing
'assword.131e59be')
13. Use the following command to verify that the memory location
that contained 'assword.131e59be' now contains all 0's
>>> hd eerom:1820 <cr>
14. Reset the machine by pushing the reset button to the right of
the power indicator light, or power cycle.
15. Remove the Serial Terminal.
This procedure will have cleared the console secure mode. Console
command will be available at the graphics terminal without being asked
for a password. A new password can be set at the discretion of the
system operator.
-----------------------------------------------------------------------------
----- End forwarded message -----
--
--Jay++
---------------------------------------------------------------
Jay A Estabrook HPTC - LINUX support
Hewlett-Packard Company - ZKO2-3/N30 (603) 884-0301
110 Spit Brook Road, Nashua NH 03062 Jay.Estabrook@hp.com
---------------------------------------------------------------