HardenedBSD/etc/etc.arm/ttys
Marcel Moolenaar bc0770d707 Change the terminal type/class for enabled serial lines to 3wire. This
allows us to change the uart(4) driver to not hardcode specific line
settings for the serial console.

A terminal type of 3wire makes sure the console still works when no DCD
signal is present, which preserves behviour. When it is known that the
terminal server (or DCE in general) provides DCD, a terminal type/class
of std can be used. This has the effect of being logged out when one
disconnects from the console -- improving security overall.

Likewise, when uart(4) does not fixate the baudrate, one can change
the terminal type/class to set a specific baudrate. An operator can use
this to change the console speed mid-flight, without needing a reboot.
Of course it helps in this respect if and when the firmware can be
configured from the OS.

The above mentioned capabilities depend on uart(4) being changed, which
is to happen next.
2014-03-09 21:06:22 +00:00

50 lines
2.0 KiB
Plaintext

#
# $FreeBSD$
# @(#)ttys 5.1 (Berkeley) 4/17/89
#
# This file specifies various information about terminals on the system.
# It is used by several different programs. Common entries for the
# various columns include:
#
# name The name of the terminal device.
#
# getty The program to start running on the terminal. Typically a
# getty program, as the name implies. Other common entries
# include none, when no getty is needed, and xdm, to start the
# X Window System.
#
# type The initial terminal type for this port. For hardwired
# terminal lines, this will contain the type of terminal used.
# For virtual consoles, the correct type is typically xterm.
# Other common values include dialup for incoming modem ports, and
# unknown when the terminal type cannot be predetermined.
#
# status Must be on or off. If on, init will run the getty program on
# the specified port. If the word "secure" appears, this tty
# allows root login.
#
# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure
#
ttyv0 "/usr/libexec/getty Pc" xterm off secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" xterm off secure
ttyv2 "/usr/libexec/getty Pc" xterm off secure
ttyv3 "/usr/libexec/getty Pc" xterm off secure
ttyv4 "/usr/libexec/getty Pc" xterm off secure
ttyv5 "/usr/libexec/getty Pc" xterm off secure
ttyv6 "/usr/libexec/getty Pc" xterm off secure
ttyv7 "/usr/libexec/getty Pc" xterm off secure
#ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
ttyu1 "/usr/libexec/getty std.9600" dialup off secure
ttyu2 "/usr/libexec/getty std.9600" dialup off secure
ttyu3 "/usr/libexec/getty std.9600" dialup off secure
# Dumb console
dcons "/usr/libexec/getty std.9600" vt100 off secure