Re: [Libreboot] Password protected Grub entries

[The Gluglug]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 21/03/15 07:49, Beni Keller wrote:
> Hey all,
> 
> I followed this tutorial to get Trisquel on full disc encryption:
> 
> http://libreboot.org/docs/gnulinux/encrypted_trisquel.html
> 
> The problem now was that every time I boot I had to enter three 
> passwords. The Grub password first and then twice the encryption 
> password. So to reduce this to two passwords, I figured I don't
> have to password protect the Grub entry that boots Trisquel on the
> encrypted partition, since password protection should only keep
> someone from booting my laptop from usb. So I edited the menu entry
> in grub.cfg like this:
> 
> 
> menuentry 'Load Operating System' --unrestricted { ...
> 
> 
> So my question: Is there a reason this isn't included in the
> tutorial? Did I somehow weaken the security of my system doing
> this? If so, what's the possible attack that's prevented by
> password protecting every grub entry?
> 
> Thanks,
> 
> Beni
> 

Press E on that menuentry, then modify stuff, and press F10. Does it
work without entering a password? If so, then someone could boot USB.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVPWoTAAoJEP9Ft0z50c+UPaYIAKdycgqtmXypTRC0sEkMWq/y
nuuDpBQclew40TV6ZA+8k5wZcmAyQLukVZ1XfiKBqLbWCWcM3d+KPTDQjniIBq3Z
fA5mj7VElEmD8HYszxo7MKVuVmzmizq+MBBpeHPEkG5H71SZLPipCyGTw9W+ZQm3
mp1UzgKCleAB69yo5V4D6u3HoTtzPmn161tUhPaUReqp428HWUktLYsr86QWt+SU
lfrs3WIRS75hqUGku7duvHgMJvfpDItiCNxes+x3ylNTM4gP8dUmse/blrdia/oj
hD4OM2oi9GxZOZGu/H5GrnZvMsQo6KfOZbYsjjnLNWx/9UiEvLEC39ppcAr+M98=
=/4cv
-----END PGP SIGNATURE-----