On Thu, Mar 19, 2020 at 06:52:52PM +0100, Marius Schwarz wrote: > Am 19.03.20 um 17:11 schrieb Michael Cronenworth: > > On 3/19/20 11:04 AM, Marius Schwarz wrote: > >> correct and thats the main issue, as long you have grub where you can > >> edit the kernel line to start in runlevel 1. > >> This makes the encryption null and void. > > > > Adding a grub password will prevent those without it from editing your > > boot parameters. By default you can still boot without the grub > > password. Does that help? > > It would solve a problem. > > - does it prevent updates ( after booting into rl 5 ) of grub? Yes. Updating GRUB, kernel, and initramdisk requires a physical access (or better said a trusted environment). -- Petr
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
