Sun Sunfire V100 LOM and OBP (firmware) password reset

Posted on 2012-08-10
Last Modified: 2012-08-17
I bought a surplus-store Sun Sunfire V100 server (with CD) for which I don't know either the LOM or Firmware/OBP passwords. I do *not* have a Sun keyboard or any other Sun hardware. When I connect to the console, LOMlite prompts me for a password.

Using the J13 method, I managed to get past the LOMlite password and get a lom> prompt and boot the system up. When I get to the > prompt (restricted monitor prompt), typing "boot" attempts a network boot. Trying probe-all, boot cdrom -s, or anything else gets me to a "Firmware Password:" prompt. I can't boot the internal drive either.

I set up a JumpStart server to try to install Solaris 10 over the network, however I can't assign the machine an IP or hostname because I don't know the OBP firmware password, so the V100 never finds it.

The internal drive has a Solaris 10 install which I do not know the passwords for. I booted it a few times before I tried resetting the NVRAM (which made network boot the priority).

I know that if I can reach a Solaris prompt I can reset both the LOM and the firmware (OBP) passwords and be on my way. How can I reset or bypass the firmware password so I may reinstall Solaris?

I appreciate all responses.
Question by: scotttherobot

    Expert Comment

    Can you boot from CD-ROM to maintenance mode? If yes, then you can mount the root partition of the boot disk and then remove the root password from the passwd file or shadow file.

    Author Comment

    I don't think so, unless there's a way to force it that I don't know about. Without the firmware password I can't change the boot order, so it's stuck trying to boot from the network. Can't boot to CD, can't boot to the internal drive.

    Expert Comment


    Author Comment

    I've seen and tried those with no success. Many of those steps require a booting OS, which I do not have.

    I haven't been able to try the <Stop>+N method as I don't have a Sun keyboard.

    Accepted Solution

    I was able to get everything sorted out with a little experimenting, so here's the answer in case someone else needs to get one of these boxes working. I'm writing this in newb layman's terms because if you're a CS student like me and new to Sun and Sparc hardware, it's so much easier to understand this way.

    To clear the LOMlite and OBP Firmware passwords on a SunFire v100 (or similar) system that you cannot boot to Solaris, follow these steps.

    Hindsight: The most important step in this guide is clearing the OpenBoot Firmware Password. Without this password, you can't choose the boot order or really do anything with the machine.

    You will need:
    Sunfire v100/v120 with the case opened
    Metal jumper or screwdriver
    Console cable and terminal emulator
    A computer or virtual machine running Solaris (x86 or SPARC) set up as a JumpStart server
    A network to attach both machines to
    The Solaris DVD install image

    0. Install Solaris on another machine. Follow a guide you may find elsewhere online to set this up as a JumpStart server. This is where you will define the hostname and IP address of your Sunfire. This step is the second-trickiest to do and may take some time. Be patient and triple-check for typos in your configuration files.

    1. Connect to the LOM console of the Sunfire using your terminal emulator and console cable. Connect the Sunfire to the network via ethernet using the net0 connection. On your terminal, you should see the LOMlite password prompt asking for a username and password. At this time, rapidly short and unshort the JP13 pins on the main motherboard with the screwdriver. You can find these pins easily- they're between the CPU cooler and the motherboard's watch battery, immediately next to the LOM MCU. If you do this a dozen or so times very rapidly, the LOM will fail to read the eeprom and the unprotected lom> prompt will show up.

    1a. Try the "poweron" command. If the machine is already set to boot from the CD drive, you should monopolize this and get a bootable Solaris install CD in there ASAP! Don't jumpstart boot if you don't have to! If you can boot a Solaris cd, skip to step 4. If the machine boots to the internal drive, this could work if you know the root password. Skip to step 5 if this is the case. If it boots the internal hard drive but you don't know the root password, or if the internal hard drive has been wiped/dban-ed/is otherwise unbootable, keep reading.

    2. Issue a "bootmode reset_nvram" command. Then, try the "poweron" command. This will change the default boot order to net, allowing us to jumpstart the machine from the server you built in step 0. If you get the lom> prompt again, type "console". If you get the "console not shared" message, wait about 2 minutes, and type "console" again. Keep trying until it works for you. If you're lucky, you may catch the OpenFirmware header which shows the machine's MAC address and specs. After this, it should drop you to a console that has a simple ">" prompt. This is called the "restricted monitor prompt", which only allows you to issue "boot" without having the firmware password. There are other commands, but you aren't allowed to use them. This prompt is the locked-down version of the OK prompt. You can not choose a boot device without the password, which is why we reset the nvram, which has the side effect of forcing network boot.

    3. Type the "boot" command. This is the moment of truth. If your JumpStart server is configured properly, the console should output some hex-looking strings and a "spinning" character. Eventually, the Solaris installer will start and guide you through the installation. At the "disk selection" stage of the installation, make sure the installer knows to change the default boot order to the internal disk and to NOT continue booting from the network. It had done this by default for me and the installer pointed it out to verify, but it's good to double check.

    3a. If the Sunfire doesn't find your JumpStart server, go back and double check some things. Sit down at the JumpStart machine's console. You'll need to be root to edit most of these files. Make sure the Sunfire's MAC address and desired hostname are in the ethers file. Make sure the MAC address digits are separated by ":" and it matches the MAC that's listed on the System Configuration Card sticker and the OpenFirmware header that comes over the V100 console. One guide I followed said to use the "-" and that didn't work for me. Make sure the Sunfire's desired IP and hostname are in the hosts file. Double check for typos. Run the "share" command on the server and make sure the /export/config and the /export/install directories are shared by NFS. Use the ./check command to check the configuration files. Re-run the add_install_client script, double checking the parameters.

    3b. If running through 3a doesn't help, don't give up. Find another guide and see if they say to do things differently. It can't hurt to try different methods to find one that works.

    4. When the install is done, reboot the system when it asks you to. I chose the option not to auto-reboot when finished, so this was a step for me; it might not be for you depending on what you chose. When the system is restarting, watch the console carefully. You should see the restricted monitor prompt automatically boot from the internal hard drive, yay!!! Then you should see that "spinning" character while Solaris bootstraps and initializes things. The first boot took a few minutes for me, be patient. Eventually you should get a console login. Log in as root. I set up my JumpStart server to set a root password on the machine automatically, which was "password". It may be different depending on the guide you followed.

    5. Clear the OpenFirmware password. You must be root to do this. When you have a root command line in Solaris (#), issue the command "eeprom security-mode=none". This shouldn't return anything. Then issue "eeprom" and hit enter. This will print out the eeprom configuration to the console, where you can double-check the security mode. If it says "none", be happy. You will now have a full ok> prompt at OBP. Yay!

    6. Clear the LOM. This is by far the trickiest if you have no solaris resources (like me). To clear the LOM, you need the 3 SUNWlom* packages, called SUNWlomu, SUNWlomm, and SUNWlomr. These used to be freeware on the Sun site, but when Oracle bought them out they pulled them offline. Apparently, the only place to find them is on the Solaris 9 Supplemental CD. I have yet to find a copy of this CD online or these packages individually, so I wish you good luck. If you do find the packages, you can install them by following the instructions to do so in this doc:

    6a. If you can't clear the LOM password because you don't have the packages, make sure you have the eeprom set to auto-boot. You can use the eeprom utility to check this. Issuing "eeprom auto-boot?=true" will ensure that it does. This way, when you don't have the lid off of the machine (and can't reset the lom a bajillion times with a screwdriver), the power rocker switch on the back of the machine will start up Solaris with no console interaction, which is an okay trade off considering the machine used to not boot up at all.

    6b. If you want to ditch Solaris, I recommend finding the lom packages first and clearing it too, because as far as I know, Debian Sparc or any of the other non-Solaris OSes can't deal with the onboard lom or eeprom, so it's best to keep them as vanilla as possible just in case something drive fails.

    That's it. You should now have a booting system. Enjoy!
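The ethers and hosts checks from step 3a can be scripted on the JumpStart server before retrying the network boot. This is an added example, not part of the original answer: `norm_mac` and `check_client` are hypothetical helper names, and the hostnames, MAC addresses and IPs are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of a
# JumpStart client's entries in the ethers and hosts files (step 3a).

# norm_mac MAC: print MAC lowercased with leading zeros stripped per octet.
# Returns 1 unless MAC is six colon-separated hex octets ("-" is rejected).
norm_mac() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | awk -F: '
        NF != 6 { exit 1 }
        {
            out = ""
            for (i = 1; i <= 6; i++) {
                if ($i !~ /^[0-9a-f][0-9a-f]?$/) exit 1
                sub(/^0/, "", $i); if ($i == "") $i = "0"
                out = out (i > 1 ? ":" : "") $i
            }
            print out
        }'
}

# check_client ETHERS HOSTS HOSTNAME MAC
# MAC is the value read from the configuration card sticker or OBP banner.
check_client() {
    ethers=$1 hosts=$2 name=$3
    want=$(norm_mac "$4") || { echo "expected MAC is not colon-separated hex: $4"; return 2; }
    # ethers format: "<mac> <hostname>", comment lines start with '#'
    entry=$(awk -v h="$name" '$1 !~ /^#/ && $2 == h { print $1; exit }' "$ethers")
    [ -n "$entry" ] || { echo "ethers: no entry for $name"; return 3; }
    have=$(norm_mac "$entry") || { echo "ethers: $entry is not colon-separated"; return 4; }
    [ "$have" = "$want" ] || { echo "ethers: $entry does not match $4"; return 5; }
    # hosts format: "<ip> <hostname> [aliases...]"
    ip=$(awk -v h="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$hosts")
    [ -n "$ip" ] || { echo "hosts: no entry for $name"; return 6; }
    echo "ok: $name $have $ip"
}

# Constructed sample data; on a real server pass /etc/ethers and /etc/hosts.
demo_dir=$(mktemp -d)
printf '%s\n' '0:3:ba:12:34:56 v100a' '00-03-BA-12-34-57 v100b' > "$demo_dir/ethers"
printf '%s\n' '127.0.0.1 localhost' '192.168.1.50 v100a' '192.168.1.51 v100b' > "$demo_dir/hosts"
check_client "$demo_dir/ethers" "$demo_dir/hosts" v100a 00:03:BA:12:34:56 || true
check_client "$demo_dir/ethers" "$demo_dir/hosts" v100b 00:03:BA:12:34:57 || true
rm -rf "$demo_dir"
```

The second sample entry uses "-" separators and is reported as a failure, which is the mistake described in step 3a.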

    Author Closing Comment

    This is the solution I came up with to make a functional system out of a non-booting system and I hope it can help other sun-newbs with the same issue. It is a compilation of all the research I have done on this issue written in layman's terms. The other submitted comments were not viable solutions.
