How to reset firmware password on Sun T2000

[Dariusz Dolecki]

Hi,

I could successfully reset the ALOM password via instructions online, now I have to reset the "firmware" password, any tips on how to do this?

> boot cdrom
Firmware Password:
Sorry. Waiting 10 seconds.
Type boot , go (continue), or login (command mode)
>

Thanks in advance!

[Cydrome Leader]

do you have a console cable attached to the machine?

[Dariusz Dolecki]

yes I do, in the good old days physical access to the machine was enough!!!
Maybe it is still true, I don't know.

But, yes, I have a console cable attached to the machine

[hume.sp...@bofh.ca]

Dariusz Dolecki <dariusz...@gmail.com> wrote:
> But, yes, I have a console cable attached to the machine

This procedure should do the job:

http://www.solariscommands.com/system-controller/how-to-reset-the-alom-password-on-a-sun-fire-t1000t2000/

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

[Sami Ketola]

Let the system boot and then log in as root. Then you can use eeprom
utility to set security mode to none.

# eeprom security-mode=none

Sami

[hume.sp...@bofh.ca]

hume.sp...@bofh.ca wrote:
> This procedure should do the job:

Oh, duh. You said your OB password, not ALOM. Sorry about that, wasn't
paying proper attention.

[ChrisQ]

On 04/19/12 12:52, hume.sp...@bofh.ca wrote:
> hume.sp...@bofh.ca wrote:
>> This procedure should do the job:
>
> Oh, duh. You said your OB password, not ALOM. Sorry about that, wasn't
> paying proper attention.
>

If you can boot solaris, this link provides a generalised solution using
scadm:

http://blog.mc-thias.org/?title=alom_setting_from_the_os&more=1&c=1&tb=1&pb=1

Used it recentl on some V series machines and works as described...

Regards,

Chris

[Casper H.S. Dik]

hume.sp...@bofh.ca writes:

>hume.sp...@bofh.ca wrote:
>> This procedure should do the job:

>Oh, duh. You said your OB password, not ALOM. Sorry about that, wasn't
>paying proper attention.

I think you can do most from the ALOM.

What is the setkey mode? (showkeyswitch) Set it to normal; it's
a "software" switch to be set fromthe "sc>" prompt.

Also check the bootmode command; it may help you reset the nvram
or certain variables.

Casper

[Dariusz Dolecki]

Casper - you usually have the answers, anyway I tried to follow your line of thought, I did this:

sc> bootmode reset_nvram bootscript="setenv security-mode? none"
sc> bootmode
Bootmode: reset_nvram
Expires MON APR 23 23:32:07 UTC 2012
bootscript="setenv security-mode? none"
sc> reset
Reset command is disabled when system is powered off.
sc> poweron
sc>
SC Alert: Host System has Reset

sc> reset
Are you sure you want to reset the system [y/n]? y
sc>
SC Alert: SC Request to Reset Host.


I saw this:
SC Alert: Host System has Reset
Note: set-defaults does not change the security fields.
Setting NVRAM parameters to default values.

Thanks for the help.....but I don't see any way out of the quandry I'm in.....

[Casper H.S. Dik]

Dariusz Dolecki <dariusz...@gmail.com> writes:

>Casper - you usually have the answers, anyway I tried to follow your line of thought, I did this:

Yeah, I tested it and it didn't work :-(

>sc> bootmode reset_nvram bootscript="setenv security-mode? none"

I think it would be "setenv security-mode none" but I tried that and it didn't
work either.

Sorry, I haven't found of a way which allows you to fix this.

Casper

[Dariusz Dolecki]

Casper,

Any comments by you on my posts are an honor and a privilege to/for me. Thank you for taking the time and making the effort to look into this.

PS: Is there some way to convey to the Sun Handbook team that the NVRAM chip in the T2000 is not listed as either a CSU(customer replaceable unit) or a FRU(field replacable unit)?

[Casper H.S. Dik]

Dariusz Dolecki <dariusz...@gmail.com> writes:

>On Tuesday, April 24, 2012 6:11:12 AM UTC-5, Casper H. S. Dik wrote:
>> Dariusz Dolecki <dariusz...@gmail.com> writes:
>>
>> >Casper - you usually have the answers, anyway I tried to follow your line of thought, I did this:
>>
>> Yeah, I tested it and it didn't work :-(
>>
>> >sc> bootmode reset_nvram bootscript="setenv security-mode? none"
>>
>> I think it would be "setenv security-mode none" but I tried that and it didn't
>> work either.
>>
>> Sorry, I haven't found of a way which allows you to fix this.
>>
>> Casper

>Casper,

>Any comments by you on my posts are an honor and a privilege to/for me. Thank you for taking the time and making the effort to look into this.

You're welcome, even if it was no help.

Casper

[John D Groenveld]

In article <3067323.23.1335271205902.JavaMail.geo-discussion-forums@ynhh34>,

Dariusz Dolecki <dariusz...@gmail.com> wrote:
>PS: Is there some way to convey to the Sun Handbook team that the NVRAM
>chip in the T2000 is not listed as either a CSU(customer replaceable
>unit) or a FRU(field replacable unit)?

See the FAQ:
<URL:https://support.oracle.com/handbook_private/General/faq.html#5>
| 5. What should I do if I have a great idea to improve the
| Sun System Handbook?
|
| Please use the Rate this document link located in the lower
| left area on every Handbook page. We welcome all ideas and comments.

John
groe...@acm.org

[ChrisQ]

As I said in the previous post, you can clear this using scadm if you
can boot
and log in to solaris. Had a similar problem with some V240 series
machines recently
and there seems to be no way to get into alom if the password has been
set, which
I assume is the way it's meant to work. The systems are designed to be
secure :-).

If you can't boot and log in to the os, the only way I found was to do a
bare bones
install onto a spare / scratch hard drive, then reboot, login and use
scadm to
reset the alom password. It may even be possible to do it from the os
boot media,
single user mode, but didn't look into that...

Regards,

Chris

[Dariusz Dolecki]

I did not have root access to the system, hence the unavailibility of scadm/eeprom etc.

I got my newer system today - had checked with the Ebay seller that the passwords(ALOM and Firmware) were cleared, installed S11 on it, things went flawlessly.

At this point I have one functioning T2000 and two "hosed" T2000's.

I pulled the disk with S11 on it and put it on one of the "hosed"(firmware password protected) T2000's, it would not boot, I removed it from slot 0 where I had put it and put it in slot 1, leaving the system only with 1 drive(this is important as we shall see), again the T2000 refused to boot, but I saw something interesting happen - it started looking for a network to boot from.

I had a jumpstart server setup - although not for the T2000 Sun4v, but I made some minor modifications to the settings and let it tftpboot up........it went far enough to ultimately fail(jumpstart) but it did give me a prompt. Using this prompt I could use the eeprom command to remove the password from firmware.

So far so good, but the jumpstart program did not detect any disks in the system, although there was 1. I ran raidctl and destroyed the volume that existed.

I put back in the second drive and ran raidctl again and it picked up another volume - destroyed it via the raidctl -d switch.

Now, I rebooted, got the "ok" prompt back and booted off of a S11 CD and installed it.

This left me with 1 hosed T2000, I assumed that it would also time out and boot off of the network, not so, here I had to follow "Casper Dik" and actually run the bootmode command with the setenv boot-device net argument to "string" and then reset it, it started looking for the network - gave me the mac address and again I put those settings in my jumpstart server and got a prompt. As before I had to use raidctl -d to remove any volumes.

Ram eeprom to remove firmware password and got my systems back.

I must say that the Ebay seller was very understanding and offered to take back the systems.

Please let me know if you have any questions regarding any of this.

[Casper H.S. Dik]

Dariusz Dolecki <dariusz...@gmail.com> writes:

>This left me with 1 hosed T2000, I assumed that it would also time out and =
>boot off of the network, not so, here I had to follow "Casper Dik" and actu=
>ally run the bootmode command with the setenv boot-device net argument to "=
>string" and then reset it, it started looking for the network - gave me the=
> mac address and again I put those settings in my jumpstart server and got =

>a prompt. As before I had to use raidctl -d to remove any volumes.

If the security-mode is set to "command" rather than full, it is indeed possible
to recover the system as long as can get it to boot from another device.
When the security-mode=full, it will ask for the password before it even
attempts to boot.

The T2000 has the ability of ldoms; each ldom can have its own "security*"
parameters and so they are stored in a different way. One thing you
could try is from the ALOM:

poweroff -y
bootmode config="factory-default" (removes all the domains)
poweron -c

But I can't be sure it resets all parameters.

Casper

[ChrisQ]

On 04/24/12 21:35, Dariusz Dolecki wrote:

>
> I did not have root access to the system, hence the unavailibility of scadm/eeprom etc.
>
> I got my newer system today - had checked with the Ebay seller that the passwords(ALOM and Firmware) were cleared, installed S11 on it, things went flawlessly.
>
> At this point I have one functioning T2000 and two "hosed" T2000's.
>
> I pulled the disk with S11 on it and put it on one of the "hosed"(firmware password protected) T2000's, it would not boot, I removed it from slot 0 where I had put it and put it in slot 1, leaving the system only with 1 drive(this is important as we shall see), again the T2000 refused to boot, but I saw something interesting happen - it started looking for a network to boot from.
>
> I had a jumpstart server setup - although not for the T2000 Sun4v, but I made some minor modifications to the settings and let it tftpboot up........it went far enough to ultimately fail(jumpstart) but it did give me a prompt. Using this prompt I could use the eeprom command to remove the password from firmware.
>
> So far so good, but the jumpstart program did not detect any disks in the system, although there was 1. I ran raidctl and destroyed the volume that existed.
>
> I put back in the second drive and ran raidctl again and it picked up another volume - destroyed it via the raidctl -d switch.
>
> Now, I rebooted, got the "ok" prompt back and booted off of a S11 CD and installed it.
>
> This left me with 1 hosed T2000, I assumed that it would also time out and boot off of the network, not so, here I had to follow "Casper Dik" and actually run the bootmode command with the setenv boot-device net argument to "string" and then reset it, it started looking for the network - gave me the mac address and again I put those settings in my jumpstart server and got a prompt. As before I had to use raidctl -d to remove any volumes.
>
> Ram eeprom to remove firmware password and got my systems back.
>
> I must say that the Ebay seller was very understanding and offered to take back the systems.
>
> Please let me know if you have any questions regarding any of this.

I had a stack of machines, all of which had alom passwords. As usual,
after running
post, the system found no bootable disk, then tried to boot from the
network.
Couldn't find stop-a functionality from the terminal, so plugged in a sun
keyboard for input, while using the terminal for screen. Stop-a to get back
to obp, then boot from cdrom to install the os. Did that once, then
swapped the drive
to the other machines.

My machines came from Ebay as well - a pallet of 4 V240's, a V210 and a
280R for < 100ukp.
The seems to be a lot of the older V series around now at firesale
prices, when
they are actually pretty good machines with modest power consumption.
More than fast
enough for software development or small group / web server use...

Regards,

Chris

[Cydrome Leader]

ChrisQ <me...@devnull.com> wrote:
> On 04/24/12 12:40, Dariusz Dolecki wrote:
>> On Tuesday, April 24, 2012 6:11:12 AM UTC-5, Casper H. S. Dik wrote:
>>> Dariusz Dolecki<dariusz...@gmail.com> writes:
>>>
>>>> Casper - you usually have the answers, anyway I tried to follow your line of thought, I did this:
>>>
>>> Yeah, I tested it and it didn't work :-(
>>>
>>>> sc> bootmode reset_nvram bootscript="setenv security-mode? none"
>>>
>>> I think it would be "setenv security-mode none" but I tried that and it didn't
>>> work either.
>>>
>>> Sorry, I haven't found of a way which allows you to fix this.
>>>
>>> Casper
>>
>> Casper,
>>
>> Any comments by you on my posts are an honor and a privilege to/for me. Thank you for taking the time and making the effort to look into this.
>>
>> PS: Is there some way to convey to the Sun Handbook team that the NVRAM chip in the T2000 is not listed as either a CSU(customer replaceable unit) or a FRU(field replacable unit)?
>
> As I said in the previous post, you can clear this using scadm if you
> can boot
> and log in to solaris. Had a similar problem with some V240 series
> machines recently
> and there seems to be no way to get into alom if the password has been

T2000s don't have a scadm command, just eeprom. Go sun.

[Dariusz Dolecki]

On Apr 24, 9:37 am, groen...@cse.psu.edu (John D Groenveld) wrote:
> In article <3067323.23.1335271205902.JavaMail.geo-discussion-forums@ynhh34>,

> Dariusz Dolecki  <dariusz.dole...@gmail.com> wrote:
>
> >PS: Is there some way to convey to the Sun Handbook team that the NVRAM
> >chip in the T2000 is not listed as either a CSU(customer replaceable
> >unit) or a FRU(field replacable unit)?
>
> See the FAQ:
> <URL:https://support.oracle.com/handbook_private/General/faq.html#5>
> | 5. What should I do if I have a great idea to improve the
> | Sun System Handbook?
> |
> | Please use the Rate this document link located in the lower
> | left area on every Handbook page. We welcome all ideas and comments.
>
> John

> groenv...@acm.org

I have in the past found the "Sun Handbook team" to have a very fast
response time, this was no exception. The comment was made and Oracle
is making the change to the handbook to reflect the NVRAM part number
etc..... Here is the "Handbook team's" response:
" The NVRAM part # for the Sun Fire T2000 is the same
as the T1000, 525-2146. The location is called out
on the T2000 Service Processor drawing as "ALOM NVRAM"...

https://support.oracle.com/handbook_private/Devices/Communication/COMM_T2000_Svc_Proc.html

We have added reference to part # 525-2146 to the
T2000 Full Components List. The update should appear
in the Sun System Handbook by tomorrow afternoon."

[erickya...@gmail.com]

Dude how do I reset the password on t2000

Thanks u

[Cydrome Leader]

erickya...@gmail.com wrote:
> Dude how do I reset the password on t2000
>
> Thanks u

which password?