there is a power failure; the machine is able to recover with the keyboard lock
still in place.

1.8.3.1 Privileged-Access Password

Because the power-on and keyboard passwords can be defeated by deactivating
the battery inside the system, another level of password protection is provided.
This security feature is called the privileged-access password. It provides a
much higher level of security. The privileged-access password restricts access
to system programs, prevents the IPL source and sequence from being changed,
and effectively deters unauthorized modifications to the hardware. Also, if a
forced entry is detected by the tamper-evident cover switch, the
privileged-access password (if it has been set) must be used in order to make
the system operational again.

The privileged-access password is stored in a special type of read-only memory
called flash EEPROM. EEPROM is an acronym for electrically erasable
programmable read-only memory.

Systems are shipped with the privileged-access password disabled. To set this
password, a jumper on the system board must be moved in order to put the
system in the change state. Once this password is set, it cannot be overridden
or removed by an unauthorized person.

Attention - Forgotten Password

If the administrator misplaces or forgets the privileged-access password, the
system board will have to be replaced. There is no way to reset a forgotten
privileged-access password.

1.8.4 Secure Removable Media

An optional 2.88MB diskette drive with security features is available for all IBM
PC Server systems. The diskette drive is a 3.5-inch, one-inch high drive with
media sense capability for the standard diskette capacities of 720KB, 1.44MB,
and 2.88MB. It can read and write data up to a formatted capacity of 2.88MB,
while maintaining read and write capability with 720KB and 1.44MB diskette
drives.

A control signal has been added to the diskette interface that supports LOCK,
UNLOCK, and EJECT commands issued by the operating system. If the
privileged-access password is not set, the diskette is unlocked during POST. If
the password is set, the boot process does not unlock the diskette drive unless it
is the designated IPL source. In this case, the LOCK and UNLOCK state is
controlled by an operating system utility. For SCSI devices, there is a proposed
standard UNLOCK command. In this case, the operating system will control the
LOCK command if the privileged-access password is set. Access to the
unlocking function with specific user authorization can be controlled by secured
system software.

In the event of power loss, the system retains its state (secured or unsecured)
independent of the state of the battery. A diskette can be inserted in the drive,
but it cannot be removed if the power is off. When the drive is turned on and
locked, the media cannot be inserted or removed.
36 NetWare Integration Guide