thanks tim.<br><br>---------- Forwarded message ----------<br>From: Tim <<a href="mailto:ignored_mailbox@yahoo.com.au">ignored_mailbox@yahoo.com.au</a>><br>To: Community support for Fedora users <<a href="mailto:users@lists.fedoraproject.org">users@lists.fedoraproject.org</a>><br>
Date: Sat, 12 Jun 2010 15:07:11 +0930<br>Subject: Re: Re: Help required<br>On Sat, 2010-06-12 at 00:46 +0530, Pallav Jain wrote:<br>
>> This password will only be used within the grub menu. You can, of<br>
>> course, use the same password in more than one place. But the MD5<br>
>> crypted version of it will be different.<br>
><br>
> (1). Does it mean that the grub is secured now, after implementing<br>
> this in the grub.conf file. (2). If the grub is secured and the only<br>
> bootable is device is only Harddisk, still the encryption of<br>
> hard-drives is requried? may be for the enhanced security.<br>
<br>
It's only secured in that you can't easily *change* options when booting<br>
the computer up in the ordinary way. It's easily bypassed by booting<br>
the computer, differently.<br>
<br>
If you want to secure the contents of the drive against theft, snooping,<br>
sabotage, or practical jokers, you'll need to encrypt it.<br>
<br>
> while i added the encrypted password in the grub.conf file, now after<br>
> restarting it asks me password one more time than usual, that is, one<br>
> password of starting the pc (of bios), second after selecting the<br>
> fedora or winxp (respective) and third logging to that OS (fedora or<br>
> XP). (3). But i don't know why it is asking the second password in the<br>
> blank black screen? is it the effect of grub.conf file, which was<br>
> edited? further if i press 'e' at the menu display, i see the encypted<br>
> password, so only authorised one (like one who knows the password) can<br>
> edit the same.<br>
<br>
When you turn on the computer, the first thing that goes to work is the<br>
BIOS firmeware. It's used to boot up the computer (from a disc drive,<br>
of some sort, or over a network). Usually, you can set two types of<br>
passwords into that BIOS: A password that'll need to be entered before<br>
you can boot anything. And/or a password for being allowed to change<br>
settings. Some BIOSs will let you set both types. For most things, I'd<br>
say only bother with setting a password to lock out changing BIOS<br>
settings. But for something with important confidential data, such as a<br>
laptop that could be easily stolen, you're best to take all the steps<br>
that you can.<br>
<br>
Next, the BIOS will start loading the bootblock of the harddrive, and<br>
this is where GRUB comes into play. It's options and settings control<br>
what happens next. You can set passwords for whether you can change its<br>
options. You can set passwords for what can be loaded next. You can<br>
set individual passwords for each different thing, or you can simply use<br>
the same password for the things that you want restricted.<br>
<br>
<br>
>> I've typed in the same password, and each time it encrypts it, the<br>
>> encrypted version will be different.<br>
><br>
> (4). yes the encrypted version is different, but is it the last one<br>
> that i have to add in the grub.conf file<br>
<br>
Either will do, because (simply put) they all decrypt back to the same<br>
password.<br>
<br>
> (5). Why it is so that 'chainloader +1' is only in the second titles'<br>
> section and in the first title section it is 'root' while in the<br>
> second is 'rootnoverify'.<br>
<br>
Different requirements for booting different systems. Whether GRUB is<br>
passing over (chainloader) to a bootblock on another drive, or<br>
partition, and that other thing will take over booting. Or whether GRUB<br>
is going to start booting an OS, more directly.<br>
<br>
You really want to look at the manuals for GRUB. The man page is rather<br>
dire, but the info file is much more extensive, as is the website.<br>
<br>
See: info grub<br>
or: <a href="http://www.google.com.au/search?q=grub" target="_blank">http://www.google.com.au/search?q=grub</a><br>
<br>
--<br>
[tim@localhost ~]$ uname -r<br>
2.6.27.25-78.2.56.fc9.i686<br>
<br>
Don't send private replies to my address, the mailbox is ignored. I<br>
read messages from the public lists.