GNU GRUB (GNU Grand Unified Bootloader) is a boot loader package from the GNU Project.
Questions tagged [grub]
11 questions
49
votes
2 answers
What is happening now with the Grub backspace key security vulnerability?
I just read a few articles about a new Grub vulnerability. The article said that you can bypass the password protection by pressing backspace twenty eight times.
I am a security guy and I am concerned about the vulnerability, so I would like to know…
Henry WH Hack v3.0
- 2,109
- 2
- 23
- 37
12
votes
2 answers
Encrypting the /boot partition in a Linux system can protect from an Evil Maid Attack?
If the boot partition is encrypted (and the passphrase to unlock the device must be entered in GRUB before the boot sequence starts) is the system considerable safe from an Evil Maid Attack?
TheMoltenJack
- 121
- 1
- 3
5
votes
1 answer
Decryption using GRUB and TPM
I'm trying to plan security routine for my new Linux install and few questions came up during searching for solution which meet my needs.
Is it possible to use private key from TPM in GRUB to decrypt /boot partition located on external storage?
Is…
Matthew
- 53
- 1
- 3
5
votes
2 answers
Impact of Mathew Garrett's Secure GRUB Bootloader on UEFI Secure Boot
My eyebrows rose with Matthew Garrett announcing his Secure GRUB Bootloader less than three hours after no longer being a Red Hat employee. This work and its impact on the trust chain design of the UEFI secure boot now being implemented on Windows…
zedman9991
- 3,377
- 15
- 22
3
votes
2 answers
How to protect Linux partition from access from Windows partition?
In a dual-boot environment (windows? and linux mint 15) What would be best best way to prevent access to the linux partition(s) when the system is booted into windows 7?
The goal would be to prevent windows malware from modifying the contents of…
user13779
2
votes
0 answers
How to prevent grub.cfg from breaking the chain of trust?
First some definitions and common understanding.
The premise of secure boot is that each binary get's verified before
it is loaded. This starts with the firmware in ROM verifying the EFI
application.
For the case of a Linux boot that EFI…
TheMeaningfulEngineer
- 163
- 6
1
vote
2 answers
Laptop tampering and boot loader
I try to find out how far I can secure my laptop from physical access and tampering attempts.
Setup: ThinkPad with Linux installation
What I have done so far:
disk encryption using cryptsetup for everything except /boot
entering UEFI setup menu is…
firefexx
- 189
- 6
1
vote
0 answers
Is grub implementation of secure boot inherently flawed?
Definitions
Grub is the second stage bootloader often found in Linux distributions.
shim is the first bootloader ran by the ROM firmware. It is signed by Microsoft.
ROM firmware is the code embedded in the hardware which implements the UEFI…
TheMeaningfulEngineer
- 163
- 6
1
vote
0 answers
Entered FDE password in GRUB by mistake
For several reasons (I have an external monitor, etc.) when I booted the laptop I typed the FDE (Full Disk Encryption on Linux, LUKS) without looking at the monitor, and I ended up typing the full password and hitting enter before the FDE prompt was…
reed
- 15,398
- 6
- 43
- 64
1
vote
2 answers
Would it add security to set a GRUB password if HDDs are encrypted and UEFI settings can be opened anyway?
So I'm using Debian 9.1 with KDE and have my hard drives encrypted. Now I'm wondering whether to additionally add a GRUB password as described here.
Would that make sense? As the hard drives are encrypted nobody should be able to boot/access them…
mYnDstrEAm
- 319
- 2
- 17
1
vote
1 answer
Is that a way break Linux user password by bypassing grub protected?
The best way to delve into others Linux machine is by editing the grub.
Many will start by, editing the line ro quite splash as rw init=/bin/bash during the startup (usually by pressing button e on the list). Second is using the recovery mode.
To…
GAD3R
- 2,211
- 3
- 15
- 38