From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LeWbx-0002OX-Pk for mharc-grub-devel@gnu.org; Tue, 03 Mar 2009 10:32:49 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LeWbv-0002NJ-Eb for grub-devel@gnu.org; Tue, 03 Mar 2009 10:32:47 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LeWbt-0002Mj-N6 for grub-devel@gnu.org; Tue, 03 Mar 2009 10:32:46 -0500 Received: from [199.232.76.173] (port=40554 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LeWbt-0002MW-FX for grub-devel@gnu.org; Tue, 03 Mar 2009 10:32:45 -0500 Received: from mta-out.inet.fi ([195.156.147.13]:38206 helo=kirsi2.inet.fi) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LeWbs-0000aC-TM for grub-devel@gnu.org; Tue, 03 Mar 2009 10:32:45 -0500 Received: from [192.168.1.102] (84.248.105.254) by kirsi2.inet.fi (8.5.014) id 49ACED3A00055C12 for grub-devel@gnu.org; Tue, 3 Mar 2009 17:32:41 +0200 Message-ID: <49AD4D98.4010105@nic.fi> Date: Tue, 03 Mar 2009 17:32:40 +0200 From: =?ISO-8859-1?Q?Vesa_J=E4=E4skel=E4inen?= User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: The development of GRUB 2 References: <20090227205327.GA32242@thorin> In-Reply-To: <20090227205327.GA32242@thorin> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Re: Menu locks / password authentication X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Mar 2009 15:32:48 -0000 Robert Millan wrote: > It's funny, we're all discussing about performing security measurements in > GRUB and nobody mentioned that our user interface lacks even the most basic > lock mechanism :-) > > Perhaps this would be a good time to retake the discussion on implementing > an equivalent to "lock" and "password" commands. I think I even sent a patch > a while ago! > > Vesa, do you still think we should design an extensible framework for > authentication before we do anything else? I think it'd be interesting if > we could implement the lock/password paradigm, even if later it would be > replaced, since our users commonly need this, and it's blocking the > transition from GRUB Legacy. I think that most important thing at this time is to match needed functionality with GRUB legacy. So just make it clean and perhaps think a bit about how it can be easily extended :). I think there was some hash algorithms posted previously that could be used for this.