Bug 27789

Summary: Boot Password Not Set When entered During Installation
Product: Mageia
Reporter: Brian Rockwell <brtians1>
Component: Installer
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED WORKSFORME
QA Contact:
Severity: normal
Priority: Normal
CC: lewyssmith, ouaurelien
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: mageia-8-gnome-live-x86_64 (Dec 8)
CVE:
Status comment:

Description Brian Rockwell 2020-12-09 15:27:31 CET
Description of problem:


Version-Release number of selected component (if applicable): 8, beta2, v2


How reproducible:


Steps to Reproduce:
1.  During install I get to set up boot system
2.  I enter passwords in the fields under the Security heading
3.  Complete installation and reboot - it does not ask for boot password.
Comment 1 Brian Rockwell 2020-12-09 15:34:58 CET
Tried setting this through Mageia Set-Up Boot section.  It isn't working there.

Martin - this might be something for the Mageia App team.
Comment 2 Aurelien Oudelet 2020-12-09 17:17:23 CET
Hi, thanks for reporting this.

To be clear, you wanted to have:
 1) a GRUB2 password that prevents the GRUB2 boot from being undesirably modified, or

 2) do you want an encrypted root partition that you need to enter in order to do a system boot?

Two Remarks:
1) the former doesn't ask for a password at boot time, only for modifying the boot line. It can be set to ask for a password for selected boot entries; this is beyond the scope of DrakX.

2) the latter must be set when you configure partitions and needs an LVM+LUKS device and a separate /boot partition to have an unencrypted stage2 grub2.

CC: (none) => ouaurelien

Comment 3 Lewis Smith 2020-12-09 20:41:25 CET
Naive questions perhaps (@Brian):
- Are you using Grub2 (rather than rEFInd)?
- Do you know whether this facility worked with Mageia 7 (which I can try)?

CC: (none) => lewyssmith

Comment 4 Brian Rockwell 2020-12-09 21:10:39 CET
Hi All,
Thanks

- using grub2
- I was expecting a hold to boot on grub2, but maybe I'm thinking wrong on the purpose.  If it is just to modify the boot configuration then I'm wrong and this should be closed.  I'll try that out when I use that drive again and see if it makes me do a password.
- Disk encryption - Aurelien - thanks.  Yes, I do use this functionality and am familiar with the password pop-up for hard-disk encryption.  Fun one, I tested an install with an already encrypted /home partition.  After doing custom partitioning I was able to get it set up properly.  Nice.
Comment 5 Lewis Smith 2020-12-09 21:21:24 CET
From the MCC manual in the relevant (drakboot) section, Boot-Set up boot system, which refers to Grub2:
"In the third and last part [of the dialogue], called Security, it is possible to set a password for the bootloader. This means a username and password will be asked at the boot time to select a booting entry or change settings. The username is "root" and the password is the one chosen here."
Comment 6 Aurelien Oudelet 2020-12-21 15:15:53 CET
(In reply to Lewis Smith from comment #5)
> From the MCC manual in the relevant (drakboot) section, Boot-Set up boot
> system, which refers to Grub2:
> "In the third and last part [of the dialogue], called Security, it is
> possible to set a password for the bootloader. This means a username and
> password will be asked at the boot time to select a booting entry or change
> settings. The username is "root" and the password is the one chosen here."

Yeah, this is totally true.
But grub2's default functionality is to let the default entry be booted, but if the user wants to select another entry and/or to modify the default entry, it will ask for a password.

So, I really think this runs as intended.

If a user wants to protect his boot sequence each time, a BIOS/UEFI one is preferable to a GRUB2 one.
Because if there is none for BIOS/UEFI, an ill-intentioned hacker can boot from whatever he wants and access data; that's why it is also necessary to encrypt the hard drive.
But a BIOS/UEFI password can also be reset... but that needs access to the motherboard...

So, a paranoid user should encrypt his data. Period.

Closing.

Resolution: (none) => WORKSFORME
Status: NEW => RESOLVED
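
The behaviour discussed in comments 2 and 6 follows from how upstream GRUB2 combines `superusers`, `password`/`password_pbkdf2`, `--unrestricted` and `--users`. The audit below is an added example, not part of the bug report or of Mageia's tools; it reports which entries in a grub.cfg boot without a password. The sample config, the name `audit_grub_cfg` and the state labels are constructed for illustration.

```python
import re
import shlex

# Constructed sample grub.cfg fragment (not from the bug report or a real install).
SAMPLE_GRUB_CFG = """\
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.SALT_PLACEHOLDER.HASH_PLACEHOLDER
menuentry 'Mageia' --class mageia --unrestricted {
    linux /vmlinuz root=/dev/sda2 ro
}
menuentry 'Mageia (recovery mode)' --class mageia {
    linux /vmlinuz root=/dev/sda2 ro single
}
menuentry 'Memtest' --users operator {
    linux16 /memtest.bin
}
"""

DIRECTIVE = re.compile(r"(set\s+superusers=|password(_pbkdf2)?\s|menuentry\s|submenu\s)")
SEPARATORS = re.compile(r"[ ,;|&]+")  # separators GRUB accepts in user lists


def audit_grub_cfg(text):
    """Return ([(title, state)], [users referenced but lacking a password line])."""
    superusers, passworded, listed, entries = None, set(), set(), []
    for line in map(str.strip, text.splitlines()):
        if not DIRECTIVE.match(line):
            continue
        tok = shlex.split(line)
        if tok[0] == "set":
            # Even an empty list switches authentication on, so keep it distinct from None.
            superusers = {n for n in SEPARATORS.split(tok[1].split("=", 1)[1]) if n}
        elif tok[0].startswith("password"):
            passworded.add(tok[1])
        else:
            entries.append((tok[1], tok[2:]))
    report = []
    for title, opts in entries:
        if superusers is None:
            state = "no-auth"            # anyone can boot and edit this entry
        elif "--unrestricted" in opts:
            state = "boot-open"          # boots freely; editing still needs a superuser
        elif "--users" in opts:
            i = opts.index("--users")
            listed.update(n for v in opts[i + 1:i + 2] for n in SEPARATORS.split(v) if n)
            state = "boot-listed-users"  # listed users or superusers must authenticate
        else:
            state = "boot-superusers"    # only superusers can boot this entry
        report.append((title, state))
    return report, sorted(((superusers or set()) | listed) - passworded)
```

An entry reported as `boot-open` matches what the reporter saw: the system starts without a prompt and the password only guards editing. A non-empty second return value means a user is named in the config but has no password directive.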