libreboot
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Password protected Grub entries

From: The Gluglug
Subject: Re: [Libreboot] Password protected Grub entries
Date: Wed, 20 May 2015 11:17:07 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 20/05/15 11:15, The Gluglug wrote:
> 
> 
> On 20/05/15 10:30, The Gluglug wrote:
>> Beni,
> 
>> I gave it some thought today, and decided that it's actually 
>> dangerous to have --unrestricted in your GRUB config. I've since 
>> removed the instructions from the documentation. You can see my 
>> reasoning in this commit:
> 
>> http://libreboot.org/gitweb/?p=libreboot.git;a=commitdiff;h=a2616e852ba1d861209f66ce4afc8728117a1acd
>
>>  I recommend not using --unrestricted on your system, either.
> 
> It might be safe to use it with --unrestricted, if you configure
> GRUB to only boot kernels that are signed with your GPG key. You
> can look at this page for information about how to do that:
> 
> http://www.coreboot.org/GRUB2#signed_kernels
> 

However, you are most likely using kernels from the package repository
anyway, which can therefore easily be replicated.

Just boot without the --unrestricted option.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVXF8jAAoJEP9Ft0z50c+UycQIAMdVXrA7zHaZNrQbT9qA3N4a
7noFY85VjbQPAb8md+DNICf6vxi27xE5GZlscT48z7oBcCoPAN/bQN3vLDnF5Cop
Nb+es1OYxBZf72Ua8EGcjQJrtpBp7H2LlNQ7qGDoSSopX4f3ks24gGMUWi+f3Gd6
djQ2+mHC8e6hftWd45UZ3tu9ubV0gltYMeEESwBlYJNR9Q/YixlWvirZEznX3Abe
p3wNNH8ynu8RMtBP1LKtrb+AfmZZUIvYsLlx/gBwd4UkH2xMXTxLA8iNIiuUNuG4
V+Ho/m+fDeGZgq8CbLl5lsJw+RGhl2o37RTK8vsmUcQcHFpgW4ytuKyC3CQLmf4=
=gXRU
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]