Bug 882721

Summary: grub2 an passwords broken
Product: [Fedora] Fedora Reporter: Harald Reindl <h.reindl>
Component: grub2Assignee: Peter Jones <pjones>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 17CC: awilliam, bcl, dcantrell, dennis, liblit, mads, pjones, somlo
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-29 22:14:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Harald Reindl 2012-12-02 22:30:01 UTC 
will we ever get this dumb behavior fixed that grub2-mkconfig does NOT include --unrestricted or grub2 NOT incorrectly requests the password on a UNATTENDED boot?
Comment 1 Harald Reindl 2012-12-02 23:22:03 UTC 
Am 03.12.2012 00:15, schrieb Kevin Fenzi:> On Sun, 02 Dec 2012 23:36:58 +0100
> Reindl Harald <h.reindl> wrote:
> 
>> grub2 in fedora is crap
>> https://bugzilla.redhat.com/show_bug.cgi?id=882721
> 
> I'm not the grub2 maintainer, but personally I would ask you for a
> more understandable report. What did you want to happen? What happened?
> Whats your config?
> 
> Perhaps expanding on your bug report would get it more attention?

the same password protection for the bootloader which was possible
for dacades with "grub-legacy" - request the password if someone
is touching the boot-entry but leave the user in peace for a
untouched boot

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.*********************
export superusers

results in a password request every time
______________________________

menuentry 'Fedora (3.6.8-2.fc17.x86_64)' --unrestricted --class fedora --class gnu-linux

brings back the behavior only request a password if you try to boot
as example in single-user-mode or modify any kernel-param

"--unrestricted" is the key to bring back this behavior
this was NOT the case for all grub2-releases

it is a MAJOR DEGRADE of a bootloader having problems to secure
it with a password because it is HARDLY needed if you want to be
sure that nobody bypass your boot-configuration after you made
sure your BIOS settings are protected with a password and boot
from any external media is disallowed
Comment 2 Adam Williamson 2013-01-29 22:14:36 UTC 

*** This bug has been marked as a duplicate of bug 840160 ***