1*bbf21555SRichard Lowe.\" Copyright (c) 2011-2015 Devin Teske 2*bbf21555SRichard Lowe.\" All rights reserved. 3*bbf21555SRichard Lowe.\" 4*bbf21555SRichard Lowe.\" Redistribution and use in source and binary forms, with or without 5*bbf21555SRichard Lowe.\" modification, are permitted provided that the following conditions 6*bbf21555SRichard Lowe.\" are met: 7*bbf21555SRichard Lowe.\" 1. Redistributions of source code must retain the above copyright 8*bbf21555SRichard Lowe.\" notice, this list of conditions and the following disclaimer. 9*bbf21555SRichard Lowe.\" 2. Redistributions in binary form must reproduce the above copyright 10*bbf21555SRichard Lowe.\" notice, this list of conditions and the following disclaimer in the 11*bbf21555SRichard Lowe.\" documentation and/or other materials provided with the distribution. 12*bbf21555SRichard Lowe.\" 13*bbf21555SRichard Lowe.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14*bbf21555SRichard Lowe.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15*bbf21555SRichard Lowe.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16*bbf21555SRichard Lowe.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17*bbf21555SRichard Lowe.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18*bbf21555SRichard Lowe.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19*bbf21555SRichard Lowe.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20*bbf21555SRichard Lowe.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21*bbf21555SRichard Lowe.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22*bbf21555SRichard Lowe.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23*bbf21555SRichard Lowe.\" SUCH DAMAGE. 24*bbf21555SRichard Lowe.\" 25*bbf21555SRichard Lowe.Dd July 20, 2018 26*bbf21555SRichard Lowe.Dt CHECK-PASSWORD.4TH 7 27*bbf21555SRichard Lowe.Os 28*bbf21555SRichard Lowe.Sh NAME 29*bbf21555SRichard Lowe.Nm check-password.4th 30*bbf21555SRichard Lowe.Nd loader password-checking boot module 31*bbf21555SRichard Lowe.Sh DESCRIPTION 32*bbf21555SRichard LoweThe file that goes by the name of 33*bbf21555SRichard Lowe.Nm 34*bbf21555SRichard Loweis a set of commands designed to do one or more of the following: 35*bbf21555SRichard Lowe.Pp 36*bbf21555SRichard Lowe.Dl o Prevent booting without password 37*bbf21555SRichard Lowe.Dl o Prevent modification of boot options without password 38*bbf21555SRichard Lowe.Pp 39*bbf21555SRichard LoweThe commands of 40*bbf21555SRichard Lowe.Nm 41*bbf21555SRichard Loweby themselves are not enough for most uses. 42*bbf21555SRichard LowePlease refer to the 43*bbf21555SRichard Loweexamples below for the most common situations, and to 44*bbf21555SRichard Lowe.Xr loader 7 45*bbf21555SRichard Lowefor additional commands. 46*bbf21555SRichard Lowe.Pp 47*bbf21555SRichard LoweBefore using any of the commands provided in 48*bbf21555SRichard Lowe.Nm , 49*bbf21555SRichard Loweit must be included 50*bbf21555SRichard Lowethrough the command: 51*bbf21555SRichard Lowe.Pp 52*bbf21555SRichard Lowe.Dl include check-password.4th 53*bbf21555SRichard Lowe.Pp 54*bbf21555SRichard LoweThis line is present in 55*bbf21555SRichard Lowe.Pa /boot/forth/loader.4th 56*bbf21555SRichard Lowefile, so it is not needed (and should not be re-issued) in a normal setup. 57*bbf21555SRichard Lowe.Pp 58*bbf21555SRichard LoweThe commands provided by it are: 59*bbf21555SRichard Lowe.Pp 60*bbf21555SRichard Lowe.Bl -tag -width disable-module_module -compact -offset indent 61*bbf21555SRichard Lowe.It Ic check-password 62*bbf21555SRichard LoweMulti-purpose function that can protect the interactive boot menu, 63*bbf21555SRichard Loweprevent boot without password 64*bbf21555SRichard Lowe.Pq depending on Xr loader.conf 5 settings . 65*bbf21555SRichard Lowe.Pp 66*bbf21555SRichard LoweFirst checks 67*bbf21555SRichard Lowe.Va bootlock_password 68*bbf21555SRichard Loweand if-set, the user cannot continue until the correct password is entered. 69*bbf21555SRichard Lowe.Pp 70*bbf21555SRichard LoweLast, checks 71*bbf21555SRichard Lowe.Va password 72*bbf21555SRichard Loweand if-set, tries to 73*bbf21555SRichard Lowe.Ic autoboot 74*bbf21555SRichard Loweand only prompts for password on failure or user-interrupt. 75*bbf21555SRichard LoweSee 76*bbf21555SRichard Lowe.Xr loader.conf 5 77*bbf21555SRichard Lowefor additional information. 78*bbf21555SRichard Lowe.El 79*bbf21555SRichard Lowe.Pp 80*bbf21555SRichard LoweThe environment variables that effect its behavior are: 81*bbf21555SRichard Lowe.Bl -tag -width bootlock_password -offset indent 82*bbf21555SRichard Lowe.It Va bootlock_password 83*bbf21555SRichard LoweSets the bootlock password (up to 16 characters long) that is required by 84*bbf21555SRichard Lowe.Ic check-password 85*bbf21555SRichard Loweto be entered before the system is allowed to boot. 86*bbf21555SRichard Lowe.It Va password 87*bbf21555SRichard LoweSets the password (up to 16 characters long) that is required by 88*bbf21555SRichard Lowe.Ic check-password 89*bbf21555SRichard Lowebefore the user is allowed to visit the boot menu. 90*bbf21555SRichard Lowe.El 91*bbf21555SRichard Lowe.Sh FILES 92*bbf21555SRichard Lowe.Bl -tag -width /boot/forth/check-password.4th -compact 93*bbf21555SRichard Lowe.It Pa /boot/loader 94*bbf21555SRichard LoweThe 95*bbf21555SRichard Lowe.Xr loader 7 . 96*bbf21555SRichard Lowe.It Pa /boot/forth/check-password.4th 97*bbf21555SRichard Lowe.Nm 98*bbf21555SRichard Loweitself. 99*bbf21555SRichard Lowe.It Pa /boot/loader.rc 100*bbf21555SRichard Lowe.Xr loader 7 101*bbf21555SRichard Lowebootstrapping script. 102*bbf21555SRichard Lowe.El 103*bbf21555SRichard Lowe.Sh EXAMPLES 104*bbf21555SRichard LoweStandard i386 105*bbf21555SRichard Lowe.Pa /boot/loader.rc : 106*bbf21555SRichard Lowe.Pp 107*bbf21555SRichard Lowe.Bd -literal -offset indent -compact 108*bbf21555SRichard Loweinclude /boot/forth/loader.4th 109*bbf21555SRichard Lowecheck-password 110*bbf21555SRichard Lowe.Ed 111*bbf21555SRichard Lowe.Pp 112*bbf21555SRichard LoweSet a password in 113*bbf21555SRichard Lowe.Xr loader.conf 5 114*bbf21555SRichard Loweto prevent modification of boot options: 115*bbf21555SRichard Lowe.Pp 116*bbf21555SRichard Lowe.Bd -literal -offset indent -compact 117*bbf21555SRichard Lowepassword="abc123" 118*bbf21555SRichard Lowe.Ed 119*bbf21555SRichard Lowe.Pp 120*bbf21555SRichard LoweSet a password in 121*bbf21555SRichard Lowe.Xr loader.conf 5 122*bbf21555SRichard Loweto prevent booting without password: 123*bbf21555SRichard Lowe.Pp 124*bbf21555SRichard Lowe.Bd -literal -offset indent -compact 125*bbf21555SRichard Lowebootlock_password="boot" 126*bbf21555SRichard Lowe.Ed 127*bbf21555SRichard Lowe.Sh SEE ALSO 128*bbf21555SRichard Lowe.Xr loader.conf 5 , 129*bbf21555SRichard Lowe.Xr loader 7 , 130*bbf21555SRichard Lowe.Xr loader.4th 7 131