Hi all,
I am currently working to implement the "password" and "lock" functionality
from Grub Legacy into Grub2.
This mail is to propose a different syntax for the "password" and "lock"
Grub2 commands, with respect to what exists in Grub. The main reason is
that, in Grub Legacy, the password command has different behavior based on
where in the menu.lst the command is placed.
In Grub legacy:
- the password command, in the first part of the script, sets a password,
and locks edition and command line, but does not prompt the user anything.
- the password command, in a menu entry, prompts the user for a password
before continuing. This allows to have a different password for any menu
entry.
- the lock command prevents the script execution if the user has not
authenticated.
What I propose for Grub2 is:
1. password command:
It would keep the same syntax than in Grub Legacy. It would only be used to
set the global password for Grub, and prevent edition of menu entries, and
access to command line until the user has authenticated.
It would not be used in menu entries, and would appear at most once in the
grub.cfg
2. lock command:
It would be used to pause script execution until the user had authenticated.
In order to keep same level of functionality than in Grub Legacy, the syntax
would be changed so that the lock command supports(almost) the same syntax
than the password command:
lock [ [--md5] PASSWORD ]
--> the command "lock" with no argument would block until the user enters
the global password set with the "password" command.
--> the command "lock" with password argument would block until the user
enters the password given in argument.
In my point of view, this is more consistent than the current Grub Legacy
implementation ('password sets a password, and "lock" locks until
authentification is OK) . It would also be easier to implement because when
executing a command, we currently have no way to know if we are in a menu
entry or not. It also seems to offer the same level of functionality than
what Grub Legacy offers.
All comments are indeed welcome.
--
Julien RANC
[EMAIL PROTECTED]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
