Bug 882721 - grub2 an passwords broken
grub2 an passwords broken
Status: CLOSED DUPLICATE of bug 840160
Product: Fedora
Classification: Fedora
Component: grub2 (Show other bugs)
17
All Linux
unspecified Severity high
: ---
: ---
Assigned To: Peter Jones
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-02 17:30 EST by Harald Reindl
Modified: 2013-01-29 17:14 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-29 17:14:36 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Harald Reindl 2012-12-02 17:30:01 EST
will we ever get this dumb behavior fixed that grub2-mkconfig does NOT include --unrestricted or grub2 NOT incorrectly requests the password on a UNATTENDED boot?
Comment 1 Harald Reindl 2012-12-02 18:22:03 EST
Am 03.12.2012 00:15, schrieb Kevin Fenzi:> On Sun, 02 Dec 2012 23:36:58 +0100
> Reindl Harald <h.reindl@thelounge.net> wrote:
> 
>> grub2 in fedora is crap
>> https://bugzilla.redhat.com/show_bug.cgi?id=882721
> 
> I'm not the grub2 maintainer, but personally I would ask you for a
> more understandable report. What did you want to happen? What happened?
> Whats your config?
> 
> Perhaps expanding on your bug report would get it more attention?

the same password protection for the bootloader which was possible
for dacades with "grub-legacy" - request the password if someone
is touching the boot-entry but leave the user in peace for a
untouched boot

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.*********************
export superusers

results in a password request every time
______________________________

menuentry 'Fedora (3.6.8-2.fc17.x86_64)' --unrestricted --class fedora --class gnu-linux

brings back the behavior only request a password if you try to boot
as example in single-user-mode or modify any kernel-param

"--unrestricted" is the key to bring back this behavior
this was NOT the case for all grub2-releases

it is a MAJOR DEGRADE of a bootloader having problems to secure
it with a password because it is HARDLY needed if you want to be
sure that nobody bypass your boot-configuration after you made
sure your BIOS settings are protected with a password and boot
from any external media is disallowed
Comment 2 Adam Williamson 2013-01-29 17:14:36 EST

*** This bug has been marked as a duplicate of bug 840160 ***

Note You need to log in before you can comment on or make changes to this bug.