Security and grub2 (was: Debian Project News - May 31st, 2010)

Alexander Reichle-Schmehl tolimar at debian.org
Mon May 31 13:56:43 UTC 2010


Hi Wolfgang,

Am 31.05.2010 15:33, schrieb Wolfgang Gruhn:

>> William Pitcock explained [17] that due to some limitations (for example
>> in the size of supported kernels) the boot loader LILO [18] is about to
>> be removed from the upcoming release of Debian 6.0 "Squeeze". He
>> therefore asked users to test the replacement boot loader GRUB 2 [19].
> GRUB version 2 cannot be accepted (because of security reasons) as long
> as the PASSWORD command is ignored. Please inform the developers to use
> GRUB version 1 instead, thanks!

To the best of my knowledge, GRUB 2 supports restricting different boot
menus in a far more flexible way than GRUB 1 did.  I found a small
introduction at http://grub.enbug.org/Authentication, however I'm unsure
about the plain text passwords statement and how to best integrate that
into Debian's configuration handling.

GRUB maintainers, could you please comment on that?


Best regards,
  Alexander



More information about the Pkg-grub-devel mailing list