I was recently pondering how to add password protection to your Grub2 menu entries. On the old Legacy Grub this was done with the command grub-md5.
However, grub2 uses a newer method, so I'll outline the brief how-to here if anyone is interested in password protecting their grub2 with SHA-512 (an NSA algorithm no less).
First you'll need to type the command:
grub-mkpasswd-pbkdf2
Now type in your chosen password...
Then open up the terminal and type sudo -i to login as root then type: gedit /etc/grub.d/00_header
Now you want to take your new password which will look something like the following:
grub.pbkdf2.sha512.10000.5F60AA485BA2B7EA640974BCDF5722F7600FDAF99AFE6AD8ECA33A1A05E53AB85B8B426E22AC246CC50558807BBA24752CBD61FD04155E26C41307F4AD64C9F7.0BDA015BBD97F09776CB66C90E0D82C2855C297039A1638D28A77FE2DDA3C8B8105C82FB2766FAEF4400647917A82CF3FB4B8E9B43ACBA6439F1E3C9B1A90194
And use the following code example of how to paste it in at the end of the 00_header file under the last line of code so it will look like this:
cat << EOF
set superusers="putyourusernamehere"
password putyourusernamehere grub.pbkdf2.sha512.10000.5F60AA485BA2B7EA640974BCDF5722F7600FDAF99AFE6AD8ECA33A1A05E53AB85B8B426E22AC246CC50558807BBA24752CBD61FD04155E26C41307F4AD64C9F7.0BDA015BBD97F09776CB66C90E0D82C2855C297039A1638D28A77FE2DDA3C8B8105C82FB2766FAEF4400647917A82CF3FB4B8E9B43ACBA6439F1E3C9B1A90194
EOF
Now do the command update-grub and your new password policy will be enforced and no one but you will know the password to edit your grub2 config.
Obviously please use your own user name and passwords, not putyourusernamehere and the password provided above as this is only an example.
The code you need at the end of the file is:
cat << EOF
set superusers="username"
password username <that goes here and dont forget the space>
EOF
Last edited by db_crunch (2011-05-06 19:31:06)
~My mind works like lightning. One brilliant flash and it's gone.
Offline
So does this require a password to boot your PC? Or is it just to keep people from editing your grub.cfg?
Offline
Just keeps people from editing your grub2 config.
When someone other than you presses 'e' to edit the file, it prompts =Login && Password: You can test it out to your heart's content and if you don't feel like logging in, just hit esc
Grub will continue to boot as normal.
I was reading a very interesting article recently that the NSA have actually endorsed and mandated the use of full-disk encryption and security schemes like this one on the average home user's laptops to protect and preserve the privacy of their information. But how does that translate when you're traveling through an airport for example and you get some jumped up customs agent breathing down your neck for the passwords to your crypto container because they're convinced you're harboring p0rn?
http://www.nsa.gov/ia/_files/factsheets … sheets.pdf
http://www.guardian.co.uk/technology/20 … g.security
http://www.tomsguide.com/us/DHS-TSA-Bor … -7041.html
Someone should tell the FAA to keep their guard dogs on a leash or is it a case the NSA should get its facts straight, ie: do they endorse full disk encryption using the SHA-512 algorithm or not?
I intend to do my own investigation into this next time I book a flight... Should be interesting, under EU guidelines it would seem I am well within my rights to refuse to co-operate and leave them glaring at the padlock icon followed with the words "I am going to sue your airline!"
They will seize my device & take it away for examination apparently, that's something that in itself is worth watching, a load of agents busy trying to break their own security protocols which are supposedly unbreakable!? Muppets!
I'm already going over the dialog in my mind, I'll probably hear the words, Obstruction, which I will counter with: Probable Cause & Entrapment!
Should be interesting, once I finally relent and give them the keys and they find they've wasted millions of man hours and tax payers money to find a few images of me and my cat! 
Last edited by db_crunch (2011-05-08 19:29:37)
~My mind works like lightning. One brilliant flash and it's gone.
Offline
I realize this is a dormant thread, but it was one of the first pages I pulled up when looking to encrypt grub2. There is a slight correction needed when using an encrypted password.
As originally posted:
cat << EOF
set superusers="username"
password username <that goes here and dont forget the space>
EOF
This should actually be:
cat << EOF
set superusers="username"
password_pbkdf2 username grub.pbkdf2.sha512.10000.hash
EOF
The "password" command is for the unencrypted password, while the "password_pbkdf2" command is used for an encrypted password.
Offline
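As an added example (not code from any poster in this thread), here is a small Python linter for the mistake corrected above: a grub.pbkdf2 string placed after "password" instead of "password_pbkdf2". The function names, finding labels and sample configs are made up for illustration, and the field layout (iterations, salt hex, hash hex) with PBKDF2-HMAC-SHA512 is an assumption based on the grub-mkpasswd-pbkdf2 output shown in the thread.

```python
import hashlib, hmac, os, re

# Assumed layout: grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex>
HASH_RE = re.compile(r"^grub\.pbkdf2\.sha512\.(\d+)\.([0-9A-Fa-f]+)\.([0-9A-Fa-f]+)$")

def make_hash(password, iterations=10000, salt=None):
    """Build a string in the same layout, for testing the linter and verify()."""
    salt = os.urandom(64) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, 64)
    return f"grub.pbkdf2.sha512.{iterations}.{salt.hex().upper()}.{dk.hex().upper()}"

def verify(password, grub_hash):
    """True if password reproduces the stored hash; False on any malformed field."""
    m = HASH_RE.match(grub_hash)
    if not m or int(m.group(1)) < 1 or len(m.group(2)) % 2 or len(m.group(3)) % 2:
        return False
    salt, want = bytes.fromhex(m.group(2)), bytes.fromhex(m.group(3))
    got = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, int(m.group(1)), len(want))
    return hmac.compare_digest(got, want)

def lint(cfg_text):
    """Return (line_number, finding) pairs for password directives in a grub config."""
    findings, superusers, with_pw = [], set(), set()
    for n, line in enumerate(cfg_text.splitlines(), 1):
        tok = line.split()
        m = re.match(r'\s*set\s+superusers="([^"]*)"', line)
        if m:
            superusers |= set(re.split(r"[ ,;|&]+", m.group(1))) - {""}
        elif len(tok) >= 3 and tok[0] == "password":
            with_pw.add(tok[1])
            # "password" stores its argument as the literal password, so a
            # pasted hash string becomes the password itself, in clear text.
            kind = "hash-as-cleartext" if tok[2].startswith("grub.pbkdf2.") else "cleartext-password"
            findings.append((n, kind))
        elif len(tok) >= 3 and tok[0] == "password_pbkdf2":
            with_pw.add(tok[1])
            if not HASH_RE.match(tok[2]):
                findings.append((n, "malformed-hash"))
    # A superuser with no password entry at all is reported with line number 0.
    return findings + [(0, f"no-password:{u}") for u in sorted(superusers - with_pw)]

# Constructed samples: the first post's form and the corrected form.
SAMPLE_HASH = make_hash("example-only", 1000, bytes(16))
BEFORE = f'set superusers="username"\npassword username {SAMPLE_HASH}\n'
AFTER = f'set superusers="username"\npassword_pbkdf2 username {SAMPLE_HASH}\n'

if __name__ == "__main__":
    print(lint(BEFORE), lint(AFTER), verify("example-only", SAMPLE_HASH))
```

Run lint() over the generated /boot/grub/grub.cfg after update-grub; that file is the one that actually ends up holding the directive.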