If both passwords are set, you:

May enter the user password to enter BIOS Setup or the SSU. However, you will not be able to change many of the options.

Must enter the supervisor password if you want to enter BIOS Setup or the SSU and have access to all of the options.

May enter either password to boot the server if Password on Boot is enabled in either the BIOS Setup or SSU.

May enter either password to exit secure mode.

Secure Mode

Configure and enable the secure boot mode by using the SSU. When secure mode is in effect:

You can boot the server and the operating system will run, but you must enter the user password to use the keyboard or mouse.

You cannot turn off system power or reset the server from the front panel switches.

Secure mode has no effect on functions enabled via remote server management or power control via the watchdog timer.

Taking the server out of secure mode does not change the state of system power. That is, if you press and release the power switch while secure mode is in effect, the system will not be powered off when secure mode is later removed. However, if the front panel power switch remains depressed when secure mode is removed, the server will be powered off.

Summary of Software Security Features

Table 7 lists the software security features and describes what protection each offers. In general, to enable or set the features listed here, you must run the SSU and go to the Security Subsystem Group, menu. The table also refers to other SSU menus and to the Setup utility.

Table 7. Software Security Features

Feature

Description

 

 

Secure mode

How to enter secure mode:

 

Setting and enabling passwords automatically places the system in secure mode.

 

If you set a hot-key combination (through Setup), you can secure the system

 

simply by pressing the key combination. This means you do not have to wait for

 

the inactivity time-out period.

 

When the system is in secure mode:

 

The server can boot and run the operating system, but mouse and keyboard input

 

is not accepted until the user password is entered.

 

At boot time, if a CD is detected in the CD-ROM drive or a diskette in drive A, the

 

system prompts for a password. When the password is entered, the server boots

 

from CD or diskette and disables the secure mode.

 

If there is no CD in the CD-ROM drive or diskette in drive A, the server boots from

 

drive C and automatically goes into secure mode. All enabled secure mode

 

features go into effect at boot time.

 

To leave secure mode: Enter the correct password(s).

 

 

continued

20

xSeries 343 Hardware Maintenance Manual

Page 32
Image 32
IBM 343 manual Software Security Features, How to enter secure mode