[Bug 850725] New: give user ability to completely secure the system by adding grub password option at install time
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c0 Summary: give user ability to completely secure the system by adding grub password option at install time Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: i586 OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Installation AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: grey-olli@ya.ru QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 Currently to secure the system an ordinary user require system administrator for step 2 below. The idea is to allow people use their computing securely w/o requirement to invite any 3d party. By complete relatively secure install I mean the following options: 1. The entire system except /boot is encrypted, the /boot is placed on removable media that is kept in secure location and used only on kernel updates. 2. The bootloader has password that restricts abilities to alter boot sequence. 3. The hard drive connection is secured by a seal label (common solution). Te 1st and 3d steps are in control of a user. The 2nd is not an option for ordinary user and require him/her to dig into bootloader details or call a 3d party. Reproducible: Always Steps to Reproduce: 1. Try to find how to set grub password via installation gui. 2. 3. Actual Results: fail Expected Results: Ordinary users should not be in need to invade potential security problem by calling any 3d party to securely use their computing environment. Currently this is not an option. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c1 Olli Artemjev <grey-olli@ya.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High CC| |grey-olli@ya.ru Found By|--- |Community User Target Milestone|--- |Final OS/Version|Other |openSUSE 12.3 --- Comment #1 from Olli Artemjev <grey-olli@ya.ru> 2013-11-15 17:04:14 UTC --- found this in 12.3, but guess this is the same for all the products. I think that is dessign issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c2 --- Comment #2 from Olli Artemjev <grey-olli@ya.ru> 2013-11-15 17:06:22 UTC --- By complete relatively secure install I mean the following options: 0. The power on require a bios password.The BIOS reset option is protected by seal label. 1. The entire system except /boot is encrypted, the /boot is placed on removable media that is kept in secure location and used only on kernel updates. 2. The bootloader has password that restricts abilities to alter boot sequence. 3. The hard drive connection is secured by a seal label (common solution). Te 1st and 3d steps are in control of a user. The 2nd is not an option for ordinary user and require him/her to dig into bootloader details or call a 3d party. sorry for missing 0) in 1st comment. =) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c3 --- Comment #3 from Olli Artemjev <grey-olli@ya.ru> 2013-11-15 17:33:55 UTC --- Sure the removable /boot will be required to boot, not only for kernel upgrade. Your captain obvious ) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c zhang jiajun <jzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jzhang@suse.com AssignedTo|bnc-team-screening@forge.pr |duwe@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c Torsten Duwe <duwe@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|duwe@suse.com |bnc-team-screening@forge.pr | |ovo.novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c zhang jiajun <jzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |kernel-maintainers@forge.pr |ovo.novell.com |ovo.novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c zhang jiajun <jzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |aj@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850725 https://bugzilla.novell.com/show_bug.cgi?id=850725#c Andreas Jaeger <aj@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|aj@suse.com |mchang@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com