From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LeyGv-0006qO-Oo for mharc-grub-devel@gnu.org; Wed, 04 Mar 2009 16:04:57 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LeyGu-0006pQ-5t for grub-devel@gnu.org; Wed, 04 Mar 2009 16:04:56 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LeyGs-0006oh-KE for grub-devel@gnu.org; Wed, 04 Mar 2009 16:04:55 -0500 Received: from [199.232.76.173] (port=47475 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LeyGs-0006oc-Gz for grub-devel@gnu.org; Wed, 04 Mar 2009 16:04:54 -0500 Received: from aybabtu.com ([69.60.117.155]:43534) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LeyGr-0005hJ-Uz for grub-devel@gnu.org; Wed, 04 Mar 2009 16:04:54 -0500 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1Ley9G-0002AB-HV for grub-devel@gnu.org; Wed, 04 Mar 2009 21:57:02 +0100 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1LeyGn-00089P-5L for grub-devel@gnu.org; Wed, 04 Mar 2009 22:04:49 +0100 Date: Wed, 4 Mar 2009 22:04:49 +0100 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090304210449.GE31201@thorin> References: <20090227205327.GA32242@thorin> <49AD4D98.4010105@nic.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <49AD4D98.4010105@nic.fi> Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Re: Menu locks / password authentication X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 21:04:56 -0000 On Tue, Mar 03, 2009 at 05:32:40PM +0200, Vesa Jääskeläinen wrote: > Robert Millan wrote: > > It's funny, we're all discussing about performing security measurements in > > GRUB and nobody mentioned that our user interface lacks even the most basic > > lock mechanism :-) > > > > Perhaps this would be a good time to retake the discussion on implementing > > an equivalent to "lock" and "password" commands. I think I even sent a patch > > a while ago! > > > > Vesa, do you still think we should design an extensible framework for > > authentication before we do anything else? I think it'd be interesting if > > we could implement the lock/password paradigm, even if later it would be > > replaced, since our users commonly need this, and it's blocking the > > transition from GRUB Legacy. > > I think that most important thing at this time is to match needed > functionality with GRUB legacy. So just make it clean and perhaps think > a bit about how it can be easily extended :). > > I think there was some hash algorithms posted previously that could be > used for this. Hashing is nice, but basic password support can work without hash. If you give grub.cfg the proper perms, that is. Anyway, for those interested: http://www.mail-archive.com/grub-devel@gnu.org/msg05350.html -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."