Grub Password-protection

Password-protecting Grub may be necessary if the BIOS doesn’t have password support and you could be in a better environment.

Decide what the password is going to be and don’t forget it ;). To encrypt a password to put in your grub configuration file, use:

$ grub-md5-crypt
Password:
Retype password:
$1$ZOGor$GABXUQ/hnzns/d5JYqqjw

Type in the password twice and copy the md5 encrypted password to /boot/grub/menu.lst:

# /boot/grub/menu.lst
password –md5 $1$ZOGor$GABXUQ/hnzns/d5JYqqjw

The password line must be on one of the first few lines of the menu.lst file. If there are a lot of comments at the beginning of the grub.conf file don’t try to put it after them or it won’t work either. Also, take out the timeout value if you have one as it can sometimes cause problems.

Now each boot entry much be told to be locked if you want it to be:

title Gentoo Linux 2.6.27
lock
root (hd0,4)
kernel /boot/kernel-2.6.27 root=/dev/sda5

Tallyho!

About these ads

About Gen2ly

<3's linux

Posted on 2009-01-07, in Linux. Bookmark the permalink. 4 Comments.

  1. With MD5 not being safe enough anymore …is this trick possible with other encryptions as well? SHA512, EAP etc.?

  2. I don’t know exactly how this works, but it looks like this leaves your data open to anyone who can mount your disk from a livecd or steal your hard disk, so I would rather recommend encrypting your block device(s) with dm_crypt/luks. That’s what I do on my systems and I really like it :)

  3. @ Matija

    I haven’t seen grub use any other form of password encryption so the answer is probably no, though a good length password should be hard to de-crypt.

    @ Dieter_be

    Yes Dieter, hmm, its a good idea to lock out booting with DVD/CD drives as this can be used to circumvent password-protection. Of course if someone steals your hard-disk you’d be SOL anyway. Encrypting a block device is also a good alternative but I have yet to try it.

  1. Pingback: Gentoo Quick Install | shahverdY

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 52 other followers

%d bloggers like this: