Help required (Tim)

[Pallav Jain]

thanks tim.

---------- Forwarded message ----------
From: Tim <ignored_mailbox at yahoo.com.au>
To: Community support for Fedora users <users at lists.fedoraproject.org>
Date: Sat, 12 Jun 2010 15:07:11 +0930
Subject: Re: Re: Help required
On Sat, 2010-06-12 at 00:46 +0530, Pallav Jain wrote:
>> This password will only be used within the grub menu.  You can, of
>> course, use the same password in more than one place.  But the MD5
>> crypted version of it will be different.
>
> (1). Does it mean that the grub is secured now, after implementing
> this in the grub.conf file. (2). If the grub is secured and the only
> bootable is device is only Harddisk, still the encryption of
> hard-drives is requried? may be for the enhanced security.

It's only secured in that you can't easily *change* options when booting
the computer up in the ordinary way.  It's easily bypassed by booting
the computer, differently.

If you want to secure the contents of the drive against theft, snooping,
sabotage, or practical jokers, you'll need to encrypt it.

> while i added the encrypted password in the grub.conf file, now after
> restarting it asks me password one more time than usual, that is, one
> password of starting the pc (of bios), second after selecting the
> fedora or winxp (respective) and third logging to that OS (fedora or
> XP). (3). But i don't know why it is asking the second password in the
> blank black screen? is it the effect of grub.conf file, which was
> edited? further if i press 'e' at the menu display, i see the encypted
> password, so only authorised one (like one who knows the password) can
> edit the same.

When you turn on the computer, the first thing that goes to work is the
BIOS firmeware.  It's used to boot up the computer (from a disc drive,
of some sort, or over a network).  Usually, you can set two types of
passwords into that BIOS:  A password that'll need to be entered before
you can boot anything.  And/or a password for being allowed to change
settings.  Some BIOSs will let you set both types.  For most things, I'd
say only bother with setting a password to lock out changing BIOS
settings.  But for something with important confidential data, such as a
laptop that could be easily stolen, you're best to take all the steps
that you can.

Next, the BIOS will start loading the bootblock of the harddrive, and
this is where GRUB comes into play.  It's options and settings control
what happens next.  You can set passwords for whether you can change its
options.  You can set passwords for what can be loaded next.  You can
set individual passwords for each different thing, or you can simply use
the same password for the things that you want restricted.


>> I've typed in the same password, and each time it encrypts it, the
>> encrypted version will be different.
>
> (4). yes the encrypted version is different, but is it the last one
> that i have to add in the grub.conf file

Either will do, because (simply put) they all decrypt back to the same
password.

> (5). Why it is so that 'chainloader +1' is only in the second titles'
> section and in the first title section it is 'root' while in the
> second is 'rootnoverify'.

Different requirements for booting different systems.  Whether GRUB is
passing over (chainloader) to a bootblock on another drive, or
partition, and that other thing will take over booting.  Or whether GRUB
is going to start booting an OS, more directly.

You really want to look at the manuals for GRUB.  The man page is rather
dire, but the info file is much more extensive, as is the website.

See:  info grub
or:  http://www.google.com.au/search?q=grub

--
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20100613/a9c09ecf/attachment-0001.html