This is my first version of a program to enable the setting of the supervisor
password, and the changing of the user mode under Linux. It is functionally a
replacement for the svpw.exe program which can be found on the Toshiba
Companion Diskette for your laptop.

The information necessary to write this program was derived by examining
svwp.exe found on the companion diskette. While I have only been able to test
it on my Satellite Pro 400CS, I anticipate that this should work all Toshiba
Pentium laptops support user and supervisor passwords. Reports from other Linux
users indicate the program also works on the Toshiba laptops listed below. The
'x' denotes all the different variations on a model, so Satellite Pro 400x,
includes 400CS, 400CDT, 405CS etc. I am keen to hear of any success/failure on
models not listed below.

 o Satellite Pro 400x, 430x, 440x
 o Satellite     230x
 o Portage       ?
 o Tecra         500x, 520x, 740x, 780x

EXTRIME CAUTION SHOULD BE EXERCISED WHEN TRYING THIS PROGRAM FOR THE FIRST TIME
ON A MODEL NOT PREVIOUSLY TESTED. IF YOU FOLLOW THE INSTRUCTIONS THEN ANY
PROBLEMS CAN BE RECOVERED. HOWEVER NO RESPONSIBILITY CAN BE ACCEPTED IF THE
PROGRAM RENDERS YOUR LAPTOP UNUSABLE.

The reason for this is warning is that the program has the potential to set the
supervisor password to something that is not recoverable. The procedure to test
whether you model is compatible is detailed below. If your laptop model is
listed above you can skip this type 'make svpw' to build the program, and
provided you are logged on as root you can install the program with 'make
install'.

The program must be run as root, and will not run setuid. The program must also
be run from the console, that is not under X11 or a remote terminal either
serial or over a network. This is because the password is stored as the scan
codes of the keys pressed, and the only guaranteed way to get these is to put
the keyboard into raw mode on the console (you can use any virtual console).

 1. Check the md5sum of the svpw.exe on your companion diskette. The version I
    have has a sum of "939ebfe8757b30c377d1f4a4d8e040b3". If yours is
    different, gzip it up and mail me a copy. It has also come to my attention
    that newer Toshiba laptops come with a Windows utility to set both user and
    supervisor passwords. If this is the case for your laptop could you let me
    know what model you have, and whether their is a file named sci32.dll in
    your windows directory.

 2. Boot into DOS/Windows and set both a user *and* supervisor password, making
    sure that they are different. It is probably a good idea to write them
    down.

 3. Boot into Linux and compile the svpw program with 'make svpw'. Switch to a
    console and run the program with no command line options using './svpw'
    whilst logged on as root. Enter the supervisor password to remove it.

 4. Either reboot the computer or suspend and resume it. At the password prompt
    try using the supervisors password to get in. If everything is working you
    should be denied access, in which case use the user password to get back
    in. If not and you can still log in with the supervisor password please
    send me the details and don't try and use the program.

 5. Now for the big test setting a supervisor password. It should be safe to
    set the password because the password is removed by calling the routine to
    set the password with the current password. Hence if it can be removed it
    can be safely set. To test if the supervisor password has been correctly
    set either reboot the computer or suspend and resume it, and try using the
    supervisor password at the password prompt.
	
 6. If you can't get back in with the supervisors password don't panic. Use the
    user password, this is why we set one in the first place. Then use my
    version of svpw to remove the supervisor password. This will work even if
    the BIOS won't let you unlock the computer with it. If this is the case
    don't use the program and please send me the details.

As far as I am aware the program should not present any security holes, but I
am not an expert. Note that gcc 2.7.2 does not compile the program properly if
*any* optimization is used, you might fair better with either 2.8 or egcs
please let me know.

JAB.

-----------------------------------------------------------------------
Jonathan A. Buzzard                 Email: jab@hex.prestel.co.uk
Northumberland, United Kingdom.       Tel: +44(0)1661-832195
