Securing Your Device¶

The advice in this chapter will help keep your device secure. Ensure your device's security by changing default passwords and enabling the Secure Bit.

• Change the Admin password
• Enable Secure Bit
• Set OEM Password

Change the Admin Password¶

Change the password on the default Admin account to prevent unauthorized access.

1. In Web Manager, go to User
2. Click the admin account.
3. Change the value of Password.
4. Click Submit.

In the CLI, see Config User level.

In XML, see configgroup User.

Enable Secure Bit¶

Secure Boot ensures that only authorized software is allowed to run on the device. Secure Boot is enabled by default. For additional security and to prevent writes into the OTP area, enable the Secure Bit at manufacturing using the Manufacturing Test Loader.

How you enable the Secure Bit depends on whether you load Lantronix signed firmware or create your own firmware. If using Lantronix signed firmware, see Secure Boot for detailed information. For SDK information, including creating your own firmware and the firmware signing process, contact Lantronix Sales and FAE.

Set OEM Password¶

Change your OEM password to prevent unauthorized users from changing the default configuration of your device. You can send XML to load the XML configuration record (XCR) either through the serial port or the Web APIs.

If no OEM password had been set, set the password using <configitem name = "Password"><value>[new-password]</value></configitem> within <configgroup name = "OEM">. If an OEM password had already been set and you want to change it, you'll also need to supply the current password using <configitem name = "Password"><value>[current-password]</value></configitem> within <configgroup name = "XML Import Control">. See below for an example in which the current password is provided and changed to a new password.

<?xml version="1.0" standalone="yes"?>
<!DOCTYPE configrecord [
   <!ELEMENT configrecord (configgroup+)>
   <!ELEMENT configgroup (configitem+)>
   <!ELEMENT configitem (value+)>
   <!ELEMENT value (#PCDATA)>
   <!ATTLIST configrecord version CDATA #IMPLIED>
   <!ATTLIST configgroup name CDATA #IMPLIED>
   <!ATTLIST configgroup instance CDATA #IMPLIED>
   <!ATTLIST configitem name CDATA #IMPLIED>
   <!ATTLIST configitem instance CDATA #IMPLIED>
   <!ATTLIST value name CDATA #IMPLIED>          
]>
<configrecord version = "0.1.0.1">
   <configgroup name = "XML Import Control">
      <configitem name = "OEM">
         <value>Set Configuration</value>
      </configitem>
      <configitem name = "Password">
         <value>[current-password]</value>
      </configitem>
   </configgroup>
   <configgroup name = "OEM">
      <configitem name = "Password">
         <value>[new-password]</value>
      </configitem>
   </configgroup>
</configrecord>

For more information on setting the OEM default configuration, see OEM Branding and Customization.