IBM 343 - page 32

20 xSeries 343 Hardware Maintenance Manual

If both passwordsare set, you:

• May enter the userpassword to enter BIOS Setup or the SSU. However, youwill not be able to

change manyof the options.

• Must entert hesupervisor password if you want to enter BIOS Setup or the SSU and have

access to all of the options.

• May enter eitherpassword to boot the server if Password on Boot is enabled in either the BIOS

Setup or SSU.

• May enter either passwordto exit secure mode.

Secure Mode

Configure andenable the secure boot mode by using the SSU. Whensecure mode is in effect:

• You can boot theserver and the operating system will run, but you must enter the user

password to use the keyboardor mouse.

• You cannot turnoff system power or reset the server from the front panel switches.

• Secure modehas no effect on functions enabled via remote server management or power

control via the watchdogtimer.

Taking the serverout of secure mode does not change the state of system power. Thatis, if you

press and releasethe power switch while secure mode is in effect, the system will not be powered

off when securemode is later removed. However,if the front panel power switch remains

depressedwhen secure mode is removed, the server will be powered off.

Summary of Software Security Features

Table 7 liststhe software security features and describes what protection each offers. In general, to

enable or set thefeatures listed here, you must run the SSU and go to the Security Subsystem

Group, menu. Thetable also refers to other SSU menus andto the Setup utility.

Table 7. Software Security Features

Feature Description

Secure mode How to enter secure mode:

Setting and enabling passwords automatically places the system in secure mode.

If you set a hot-key combination (through Setup), you can secure the system

simply by pressing the key combination. This means you do not have to wait for

the inactivity time-out period.

When the system is in secure mode:

The server can boot and run the operating system, but mouse and keyboard input

is not accepted until the user password is entered.

At boot time, if a CD is detected in the CD-ROM drive or a diskette in drive A, the

system prompts for a password. When the password is entered, the server boots

from CD or diskette and disables the secure mode.

If there is no CD in the CD-ROM drive or diskette in drive A, the server boots from

drive C and automatically goes into secure mode. All enabled secure mode

features go into effect at boot time.

To leave secure mode: Enter the correct password(s).

continued