[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libreboot] Password protected Grub entries
From: |
The Gluglug |
Subject: |
Re: [Libreboot] Password protected Grub entries |
Date: |
Sun, 26 Apr 2015 23:43:31 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21/03/15 07:49, Beni Keller wrote:
> Hey all,
>
> I followed this tutorial to get Trisquel on full disc encryption:
>
> http://libreboot.org/docs/gnulinux/encrypted_trisquel.html
>
> The problem now was that every time I boot I had to enter three
> passwords. The Grub password first and then twice the encryption
> password. So to reduce this to two passwords, I figured I don't
> have to password protect the Grub entry that boots Trisquel on the
> encrypted partition, since password protection should only keep
> someone from booting my laptop from usb. So I edited the menu entry
> in grub.cfg like this:
>
>
> menuentry 'Load Operating System' --unrestricted { ...
>
>
> So my question: Is there a reason this isn't included in the
> tutorial? Did I somehow weaken the security of my system doing
> this? If so, what's the possible attack that's prevented by
> password protecting every grub entry?
>
> Thanks,
>
> Beni
>
Press E on that menuentry, then modify stuff, and press F10. Does it
work without entering a password? If so, then someone could boot USB.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVPWoTAAoJEP9Ft0z50c+UPaYIAKdycgqtmXypTRC0sEkMWq/y
nuuDpBQclew40TV6ZA+8k5wZcmAyQLukVZ1XfiKBqLbWCWcM3d+KPTDQjniIBq3Z
fA5mj7VElEmD8HYszxo7MKVuVmzmizq+MBBpeHPEkG5H71SZLPipCyGTw9W+ZQm3
mp1UzgKCleAB69yo5V4D6u3HoTtzPmn161tUhPaUReqp428HWUktLYsr86QWt+SU
lfrs3WIRS75hqUGku7duvHgMJvfpDItiCNxes+x3ylNTM4gP8dUmse/blrdia/oj
hD4OM2oi9GxZOZGu/H5GrnZvMsQo6KfOZbYsjjnLNWx/9UiEvLEC39ppcAr+M98=
=/4cv
-----END PGP SIGNATURE-----
- Re: [Libreboot] Password protected Grub entries,
The Gluglug <=