Bug 882721 - grub2 an passwords broken
Summary: grub2 an passwords broken
Status: CLOSED DUPLICATE of bug 840160
Alias: None
Product: Fedora
Classification: Fedora
Component: grub2
Version: 17
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Jones
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2012-12-02 22:30 UTC by Harald Reindl
Modified: 2013-01-29 22:14 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-01-29 22:14:36 UTC
Type: Bug

Attachments (Terms of Use)

Description Harald Reindl 2012-12-02 22:30:01 UTC
will we ever get this dumb behavior fixed that grub2-mkconfig does NOT include --unrestricted or grub2 NOT incorrectly requests the password on a UNATTENDED boot?

Comment 1 Harald Reindl 2012-12-02 23:22:03 UTC
Am 03.12.2012 00:15, schrieb Kevin Fenzi:> On Sun, 02 Dec 2012 23:36:58 +0100
> Reindl Harald <h.reindl@thelounge.net> wrote:
>> grub2 in fedora is crap
>> https://bugzilla.redhat.com/show_bug.cgi?id=882721
> I'm not the grub2 maintainer, but personally I would ask you for a
> more understandable report. What did you want to happen? What happened?
> Whats your config?
> Perhaps expanding on your bug report would get it more attention?

the same password protection for the bootloader which was possible
for dacades with "grub-legacy" - request the password if someone
is touching the boot-entry but leave the user in peace for a
untouched boot

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.*********************
export superusers

results in a password request every time

menuentry 'Fedora (3.6.8-2.fc17.x86_64)' --unrestricted --class fedora --class gnu-linux

brings back the behavior only request a password if you try to boot
as example in single-user-mode or modify any kernel-param

"--unrestricted" is the key to bring back this behavior
this was NOT the case for all grub2-releases

it is a MAJOR DEGRADE of a bootloader having problems to secure
it with a password because it is HARDLY needed if you want to be
sure that nobody bypass your boot-configuration after you made
sure your BIOS settings are protected with a password and boot
from any external media is disallowed

Comment 2 Adam Williamson 2013-01-29 22:14:36 UTC

*** This bug has been marked as a duplicate of bug 840160 ***

Note You need to log in before you can comment on or make changes to this bug.