On Mon, Mar 09, 2009 at 08:16:16AM +0100, phcoder wrote:
Michał Radomski wrote:
On Fri, Feb 27, 2009 at 09:53:27PM +0100, Robert Millan wrote:
It's funny, we're all discussing about performing security measurements in
GRUB and nobody mentioned that our user interface lacks even the most basic
lock mechanism :-)
Actualy... I'm working on password command...
At this moment I have plain password checking and almost finished MD5
support.
What is your design? Is it expandable? Flexible?
Flexible Yes, expandable I think yes.
Password checking is implemented as grub module, which blocks grub
execution until user supply a valid password. Take a look at 2 sample
configs:
# this config will wait for valid password
# after that it will show grub menu
set timeout=5
password --plain qwerty
menuentry "Linux" {
set root=(hd0,1)
linux /vmlinuz26 root=/dev/sda1 ro
initrd /kernel26.img
}
# this config will show menu, but if user would like to boot os,
# it will ask for a password.
set timeout=5
menuentry "Linux" {
password --md5 md5_hash
set root=(hd0,1)
linux /vmlinuz26 root=/dev/sda1 ro
initrd /kernel26.img
}
md5 algoritm is implemented as a library(grub2/lib), So it can by easy
used in other source files.
I've also think about more complex solution (password file)
And I think that it is possible to add, without many changes.