libreboot
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Password protected Grub entries

From: The Gluglug
Subject: Re: [Libreboot] Password protected Grub entries
Date: Wed, 20 May 2015 11:15:39 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 20/05/15 10:30, The Gluglug wrote:
> Beni,
> 
> I gave it some thought today, and decided that it's actually
> dangerous to have --unrestricted in your GRUB config. I've since
> removed the instructions from the documentation. You can see my
> reasoning in this commit:
> 
> http://libreboot.org/gitweb/?p=libreboot.git;a=commitdiff;h=a2616e852ba1d861209f66ce4afc8728117a1acd
>
>  I recommend not using --unrestricted on your system, either.

It might be safe to use it with --unrestricted, if you configure GRUB
to only boot kernels that are signed with your GPG key. You can look
at this page for information about how to do that:

http://www.coreboot.org/GRUB2#signed_kernels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVXF7LAAoJEP9Ft0z50c+UMQ8H/j/McZH0qmQV/cKaSEUBDCPf
lKsKVAtNqvBKfV4pVqwKQD/kfcWPY93Rvn0TMV8MQ51r9nWvhFIj+dsD3CzhQFZl
kLEaOLjdwnYaNtfEwzODclVuVTP0XPEWJUdCSfFTV80TR6ZscZxbgglAmtazThsm
pvtLteLm5mwmz4XjMoKTDYi5+OXNQp6dWAmV9t/O0Ojql18GUKItevmd8UzvSCif
WK0BSYSHiQ+vn4MoTzJ3tM4Q7C9FKruvLGSIVZYC+gJIUSEnoEH1G9gNbPBHAMpZ
u+oxuSUsGo/itzrL7aqlYv5MgtXm70bKkaX2g9lv2I/aBtbASlgvm2fhPwyxsrU=
=ughS
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]