Creating a VxWorks 7 System With Secure User Login

VxWorks is a Real Time Operating System built by Wind River that supports secure user login to the VxWorks target.

This blog describes how to configure VxWorks 7 with secure user login support. Once configured, the target will require a username and
password to be supplied before access to the VxWorks kernel shell is permitted.

These instructions assume that you are using:
Wind River VxWorks 7, SR0620 installed on a Windows workstation

For more information on these topics, refer to:
VxWorks 7 Security Programmer’s Guide

Open a DOS shell, configure the build environment and then configure and build the project.

cd <WIND_HOME>                  // your installation directory
wrenv -p vxworks-7
cd <YOUR_WORKSPACE>             // your workspace
vxprj vsb create users_vsb -bsp vxsim_windows -smp -force -S
cd users_vsb                    // your VSB directory
vxprj vsb add USER_MANAGEMENT   // add the user management layer to the VSB
vxprj vsb add USER_MANAGEMENT_POLICY 
vxprj vsb add USER_MANAGEMENT_USER_PRIVILEGES
make -j 32                      // build the VSB

Create the VxWorks image project (VIP) as follows.

cd ..
vxprj create -smp vxsim_windows users_vip -profile PROFILE_DEVELOPMENT -vsb users_vsb
cd users_vip
vxprj vip bundle add BUNDLE_STANDALONE_SHELL
vxprj vip component add INCLUDE_USER_DATABASE
vxprj vip component add INCLUDE_SHELL_SECURITY
vxprj vip component add INCLUDE_LOGIN_POLICY
vxprj parameter set UDB_STORAGE_PATH "\"host:vxUserDB.txt"\" 
vxprj parameter set UDB_PROMPT_INITIAL_USER TRUE 
vxprj parameter set meta_UDB_HASH_KEY "\"\x48\x61"\" 
vxprj build

Make sure you rename meta_UDB_HASH_KEY as UDB_HASH_KEY, and use your own unique security hash key. A key length of 256 bytes
is recommended. This hash key secures the contents of the user database text file.

cd default
vxsim

Once the target has booted, you will see the kernel shell appear.

Your first task will be to create an initial username and password. You will be asked to enter the password twice.

** Creation of initial user **
Initial user's login: 

VxWorks will then ask you to login using the initial username and password you just defined.

login:

The target is now configured to require those login details before kernel shell access is permitted on the target.

Login to the target using the initial username and password you defined above.
From the kernel shell, create a second login to the target and then logout.

[vxWorks *]# C
-> userAdd "harmonicss", "harmonicss"
value = 0 = 0x0
-> logout
login:

The VxWorks target now supports two separate user logins. You can now use either login to access the kernel shell at boot time.
In this example, the encrypted user database file is located in the VIP default directory (users_vip\default\vxUserDB.txt)
and VxWorks accesses this file to validate login attempts on this target.
VxWorks allows you to manage users by defining user groups, monitoring login times, setting permitted login times, and updating
and deleting user accounts. For more details about VxWorks user account management, refer to the VxWorks Security Programmer’s Guide.

If you delete the user database file vxUserDB.txt, then at boot time VxWorks will revert to the state of requesting the setting up of a new
initial user. This is a potential security hole that you will need to resolve if you are building a highly secure VxWorks system that
includes the standard VxWorks kernel shell (many secure systems do not). One strategy would be to store this file locally on the target in an
encrypted file system partition that system users cannot easily access.

VxWorks gives you the option to tightly control the kernel shell activities permitted for each user. This is called adding
user privileges. To achieve this, add the following additional VIP settings:

cd ..
vxprj vip component add INCLUDE_USER_PRIVILEGES
vxprj vip parameter set PRIVILEGE_MANIFEST_PATH "\"host:\privilege_manifest\prvlgManifest.txt"\"

Locate and open the privilege manifest text file. Review the instructions at the top of the file and modify the contents of
the file to set the privileges for your users. Then rebuild the VIP and reboot the target.
Note:
The default privilege setting gives no permissions to any users. Once you have enabled user privileges in the VIP, unless you modify the
privilege manifest file, the kernel shell will always report a privilege error. Even though your users can login, they will not be
permitted to do anything from the kernel shell.