[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unencrypted password in EFI mode

From: Andrei Borzenkov
Subject: Re: Unencrypted password in EFI mode
Date: Wed, 10 Jun 2020 08:02:19 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

03.06.2020 13:24, paul kerdren пишет:
> Hello,
> I know it's a really bad practice but I would like to understand the
> differences between BIOS and EFI mode in grub.
> When I put "password user insecure" in the /boot/grub2/grub.cfg file in
> BIOS mode, grub recognizes my password and allows me to edit the grub
> configuration.
> On the other hand, when I'm in EFI mode (/boot/efi/EFI/centos/grub.cfg),
> the password doesn't work and I have the punishment delay increasing.
> The password_pbkdf2 command works correctly.
> Could you explain me the difference between the 2 modes?

For secure boot distributions build signed grub image which statically
includes selected modules and has external module loading disabled. Most
likely CentOS image does not include password.mod. I know openSUSE image
does not :)

> I searched in the source code but didn't find anything relevant.
> Thanks,
> Paul.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]