<html><body><div>It was mentioned earlier how pulling the battery off the laptop would clear any boot password set up.  I thought most modern BIOS/UEFI passwords were in non-volatile memory and would persist even if the batteries were pulled.<br></div><div><br>On June 2, 2021 at 3:53 PM, Mike Wayne <semibug15@post.wayne47.com> wrote:<br><br><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content">On Wed, Jun 02, 2021 at 04:03:23AM -0600, Jonathan Drews wrote:<br><blockquote class="quoted-plain-text" type="cite">Hi People:</blockquote><blockquote class="quoted-plain-text" type="cite"><br></blockquote><blockquote class="quoted-plain-text" type="cite">I have an OpneBSD laptop. I was distrurbed to find this:</blockquote><blockquote class="quoted-plain-text" type="cite"><br></blockquote><blockquote class="quoted-plain-text" type="cite">I Forgot My Root Password</blockquote><blockquote class="quoted-plain-text" type="cite"><a href="https://www.openbsd.org/faq/faq8.html" data-mce-href="https://www.openbsd.org/faq/faq8.html">https://www.openbsd.org/faq/faq8.html</a><br data-mce-bogus="1"></blockquote><blockquote class="quoted-plain-text" type="cite"><br></blockquote><blockquote class="quoted-plain-text" type="cite">You boot into single user mode;</blockquote><blockquote class="quoted-plain-text" type="cite">boot> boot -s</blockquote><blockquote class="quoted-plain-text" type="cite"><br></blockquote><blockquote class="quoted-plain-text" type="cite">and now have root privliges and can change the root password!</blockquote><blockquote class="quoted-plain-text" type="cite"><br></blockquote><blockquote class="quoted-plain-text" type="cite">My question is how do I prevent this? I thought of using a BIOS</blockquote><blockquote class="quoted-plain-text" type="cite">level password. That would suspend the boot process until you</blockquote><blockquote class="quoted-plain-text" type="cite">entered a password. However the thief could remove the CMOS battery</blockquote><blockquote class="quoted-plain-text" type="cite">and the BIOS would reset.</blockquote><br>This is sort of a religous issue.<br><br>If you have physical access to the machine, you can find SOME way<br>to read the disk. So "protecting" the system in single user mode<br>is just silly since the reaon you are doing this is likely that you<br>are recovering a machine that you do not know root password and all<br>you are doing is making it more complicated for the user.<br><br>If the person doing the recovery is the original owner (the most<br>common case), you are just making their life more difficult. If the <br>person doing it is nefarious, they will eventually succeed anyway<br><br>_______________________________________________<br>Semibug mailing list<br><a href="mailto:Semibug@lists.nycbug.org" data-mce-href="mailto:Semibug@lists.nycbug.org">Semibug@lists.nycbug.org</a><br><a href="http://lists.nycbug.org:8080/mailman/listinfo/semibug" data-mce-href="http://lists.nycbug.org:8080/mailman/listinfo/semibug">http://lists.nycbug.org:8080/mailman/listinfo/semibug</a><br></span></div></div></blockquote></div></div></body></html>