20 xSeries 343 Hardware Maintenance Manual
If both passwords are set, you:
• May enter the user password to enter BIOS Setup or the SSU. However, you will not be able to
change many of the options.
• Must enter the supervisor password if you want to enter BIOS Setup or the SSU and have
access to all of the options.
• May enter either password to boot the server if Password on Boot is enabled in either the BIOS
Setup or SSU.
• May enter either password to exit secure mode.
Secure Mode
Configure and enable the secure boot mode by using the SSU. When secure mode is in effect:
• You can boot the server and the operating system will run, but you must enter the user
password to use the keyboard or mouse.
• You cannot turn off system power or reset the server from the front panel switches.
• Secure mode has no effect on functions enabled via remote server management or power
control via the watchdog timer.
Taking the server out of secure mode does not change the state of system power. That is, if you
press and release the power switch while secure mode is in effect, the system will not be powered
off when secure mode is later removed. However, if the front panel power switch remains
depressed when secure mode is removed, the server will be powered off.
Summary of Software Security Features
Table 7 lists the software security features and describes what protection each offers. In general, to
enable or set the features listed here, you must run the SSU and go to the Security Subsystem
Group, menu. The table also refers to other SSU menus and to the Setup utility.
Table 7. Software Security Features
Feature Description
Secure mode How to enter secure mode:
Setting and enabling passwords automatically places the system in secure mode.
If you set a hot-key combination (through Setup), you can secure the system
simply by pressing the key combination. This means you do not have to wait for
the inactivity time-out period.
When the system is in secure mode:
The server can boot and run the operating system, but mouse and keyboard input
is not accepted until the user password is entered.
At boot time, if a CD is detected in the CD-ROM drive or a diskette in drive A, the
system prompts for a password. When the password is entered, the server boots
from CD or diskette and disables the secure mode.
If there is no CD in the CD-ROM drive or diskette in drive A, the server boots from
drive C and automatically goes into secure mode. All enabled secure mode
features go into effect at boot time.
To leave secure mode: Enter the correct password(s).
continued