Subject: port-i386/12506: Request: password for input in bootselect
To: None <gnats-bugs@gnats.netbsd.org>
From: None <anne@alcor.concordia.ca>
List: netbsd-bugs
Date: 03/29/2001 15:50:40
>Number:         12506
>Category:       port-i386
>Synopsis:       Request: password for input in bootselect
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    port-i386-maintainer
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 29 15:51:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Anne Bennett
>Release:        1.5
>Organization:
Concordia University
>Environment:
NetBSD eridani.concordia.ca 1.5 NetBSD 1.5 (ERIDANI) #1: Tue Mar 20 15:48:34 EST 2001     anne@eridani.concordia.ca:/big/sources/usr/src/sys/arch/i386/compile/ERIDANI i386

>Description:
I'm trying to set my machine so that it can boot unattended from
the default device and file, but so that some kind of authentication
is required before it is possible to specify different boot parameters.
I was hoping to find something in bootselect (the special MBR), but
according to the documentation there, there is no such facility.

I am of course aware that certain restrictions can be implemented via
the PROM settings (though every motherboard is different, it seems!),
and I'm also aware that once someone has physical access to the machine,
there is in the end no limit to what they can do, given time or the
willingness to walk away with the disk.  However, the facility I
request would greatly restrict the circumstances under which someone
could tamper with my machine, and so would be much appreciated.
>How-To-Repeat:
N/A
>Fix:
I'm told that LILO can do this...
>Release-Note:
>Audit-Trail:
>Unformatted: