- disable access to the grub-shell through enforcing a password (maybe through using a password stored in shadow)
Basis support is there see https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/392158 and also http://grub.enbug.org/Authentication But please note https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/478806 Just configure a superuser and a password for it and command line access requires a password. - make grub.cfg readable only by root grub-mkconfig does that if there's a password line in the generated grub.cfg - encrypt the password in grub.cfg Work in progress - describe the problems with grub-shell LOUD AND CLEAR on every admin and security-page of every handbook, faq and such. That's not our business. If you _really_ want a secure system you need to encrypt everything except /boot LUKS support for GRUB 2 is in work too by the way. -- Felix Zielcke Proud Debian Maintainer and GNU GRUB developer -- grub2 - cat - security - it becomes too easy without pwd-protected grub-shell https://bugs.launchpad.net/bugs/481613 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
