Update README with default user credential info

Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>

1 files changed, 47 insertions, 5 deletions

diff --git a/README.md b/README.md
index 324c2d6d1..b7b49c713 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ the capabilities here will be brought to the OpenBMC project.
 
 Some answers to the main questions that tend to get asked: 
 
-### Does this mean that Intel is no longer contributing to the Linux foundation project? ###
+### Does this mean that Intel is no longer contributing to the Linux foundation project?
 
 No. This repo is for components that are intended for the eventual
 release to the LF OpenBMC project. There are a number of reasons where things
@@ -18,7 +18,7 @@ discussion or in the LF OpenBMC project, features that have not gone through
 the level of testing or integration needed to be included in the OpenBMC
 project
 
-### Why does this repo exist at all? ###
+### Why does this repo exist at all?
 
 Upstreaming changes to the linux kernel, uboot, systemd, yocto, and the various
 projects that OpenBMC pulls in requires a significant effort.  While we aspire
@@ -29,7 +29,7 @@ general rule, this repository loosens the requirements of "form over function"
 and prefers to make some simplifying assumptions of BMC capabilities, chipsets,
 and required features.
 
-### Can I upstream/release the code from this repository? ###
+### Can I upstream/release the code from this repository?
 
 It very much depends on the component. While in general the answer ends up
 being "yes", prior approval should be granted, as this repo contains future
@@ -37,14 +37,56 @@ facing capabilities that may not have been announced yet.  Please email
 openbmc@intel.com to discuss. Appropriate licenses will be applied to the
 portions of this codebase that are approved for upstreaming.
 
-### Which platforms does this code work on? ###
+### Which platforms does this code work on?
 
 While the code is easily portable across different type of IA platforms,
 currently we use Intel’s Wolf Pass (S2600WP) platform for development and most
 testing. 
 
-### How to build for Wolf Pass ###
+### How to build for Wolf Pass
 ```bash
 source oe-init-build-env
 bitbake intel-platforms
 ```
+
+### Default User Credentials
+
+To meet Intel security requirements, this OpenBMC implementation will not have
+default user credentials enabled by default.
+
+IPMI commands are available to enable the root user for serial console access
+and to enable users for IPMI, Redfish, and web access.
+
+There is also a `"debug-tweaks"` feature that can be added to a build to
+re-enable the default user credentials.
+
+#### Enable root user
+
+Without `"debug-tweaks"`, the root user is disabled by default.
+
+The following IPMI command can be used to enable the root user.  This root
+user allows access to the BMC serial console, but cannot be used to access
+IPMI, Redfish, or the web console.
+
+IPMI OEM net function 0x30, command 0x5f.  For root user, the first byte is
+0 followed by the password.
+
+For example, to enable the root user with password `0penBmc1`:
+
+```ipmitool raw 0x30 0x5f 0x00 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63 0x31```
+
+#### Enable IPMI, Redfish, and web users
+
+Without `"debug-tweaks"`, there are no IPMI, Redfish, or web users by default.
+
+The standard IPMI commands to set usernames and passwords are supported.
+These users allow access to IPMI, Redfish, and the web console, but cannot be
+used to access the BMC serial console.
+
+#### debug-tweaks
+
+Debug features, including the default user credentials, can be enabled by
+adding the `"debug-tweaks"` feature to the build by including the following
+in your `local.conf` file:
+
+```EXTRA_IMAGE_FEATURES += "debug-tweaks"```