Mailinglist Archive: opensuse-factory (1324 mails)

Re: [opensuse-factory] New Tumbleweed installation: when grub2 password set, user root and grub password asked at every boot

On Thursday, 29 October 2015, stakanov@xxxxxxxxxx wrote:
This is a fresh install of the latest snapshot of TW with
password protected grub and Luks LVM. No gimmicks other than this
modified or set. So this does not work, at least if the BIOS is not
UEFI but an older Award BIOS. I checked and that option to allow boot
if no parameters are altered is already set. I did unset it and reset
it and saved. Still it asks for password of grub2 or it will not

There are two possibilities:
a) bug in grub

b) malware in the usb-firmware setting a boot parameter before
starting up the system.

That's very unlikely - even if your "strange" USB key does or did
something behind your back, I doubt it got enough permissions to
permanently modify your boot parameters. Or I'm not paranoid enough ;-)

That raised in me the doubt that
something emulated the keyboard. Even more so because I had the very
same behavior before on my notebook. On that notebook after inserting
a USB key of untrusted source, my password in a CLI for root
suddenly echoed, my system was blocking and I found rpcbind
listening permanently and persistent on port 111 to the www. The
keyboard would not work anymore on the docking station after a kernel
upgrade while the notebook keyboard did. (While the USB key in
question was used only once on the notebook w/o docking station.) That
famous foreign USB key did not mount as expected in openSUSE.
Actually, it did not mount at all because in secure mode, the pop-up
asking root to mount it was never appearing. Hence I gave it a try
with a new install from scratch by formatting all the HDD and then
giving it a try. This very USB key I did use also on my PC
afterwards (because I was rightly not knowing about a potential
problem with USB).

Do you still have the logs from plugging in that strange USB key?
They would be helpful to find out if it's really malicious or "just"

Long story short, that's all fishy to me and I would like to be sure
not having "little green men".

s/men/geekos/ ;-)

In the light of the bad-usb story (which can be apparently programmed
by whatever script kiddy), how can one check if an unwanted boot
parameter has been passed to grub while booting up? Or does
journalctl document such parameters somewhere?

Either check the parameters in grub (maybe you need to press escape to
get the text and then the edit mode - the graphical mode does not
display all parameters [1]), or check /proc/cmdline.

BTW, I am also getting
while booting the system now the following error message in my logs
that I sincerely do not understand: from "journalctl -r". AFAIK I do
not have an fstab in Tumbleweed from scratch.

Oct 29 09:19:25 linux-e3dj systemd[1]: Started Reload Configuration from the Real Root.
Oct 29 09:19:25 linux-e3dj systemd[1052]: /usr/lib/systemd/system-generators/systemd-fstab-generator failed with error code 1.
Oct 29 09:19:25 linux-e3dj systemd-fstab-generator[1055]: Failed to create mount unit file /run/systemd/generator/sysroot.mount, as it already exists. Duplicate entry in /etc/fstab?

IIRC this might be caused by having a root= boot parameter and an fstab
entry for your root partition - search the list archives for the log
message and how to solve it.


Christian Boltz

[1] at least the good old grub1 displays only parameters after the
"showopts" keyword in graphical mode
<tyhicks> bah, shouldn't have said that "I was done"
[from #apparmor]
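
The /proc/cmdline check suggested in the reply above can be scripted so that any parameter the kernel received but GRUB was not configured to pass stands out. This is an added example, not part of the original mail; it assumes the configured parameters are in double-quoted GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT lines of /etc/default/grub, and the function names and sample values are constructed.

```shell
#!/bin/sh
# Real use: unexpected_params /proc/cmdline /etc/default/grub

# Print the double-quoted value of variable $2 from grub defaults file $1.
grub_var() {
    sed -n 's/^'"$2"'="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print every parameter in command-line file $1 that is not configured in
# defaults file $2. Runs in a subshell so "set -f" does not leak out.
# Limitation: parameters containing quoted spaces are split into words.
unexpected_params() (
    set -f   # no filename globbing while word-splitting the command line
    expected=" $(grub_var "$2" GRUB_CMDLINE_LINUX) $(grub_var "$2" GRUB_CMDLINE_LINUX_DEFAULT) "
    for p in $(cat "$1"); do
        case "$p" in
            # Assumed to be generated at boot-config time, not set by hand.
            BOOT_IMAGE=*|root=*|ro|rw) continue ;;
        esac
        case "$expected" in
            *" $p "*) ;;                  # configured, nothing to report
            *) printf '%s\n' "$p" ;;      # not configured: report it
        esac
    done
)

# Constructed sample: a defaults file plus a booted command line carrying
# one extra parameter (example.injected=1) that the defaults do not contain.
sample_check() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/system/swap splash=silent quiet showopts"' \
        'GRUB_CMDLINE_LINUX=""' > "$d/grub"
    printf '%s\n' \
        'BOOT_IMAGE=/boot/vmlinuz root=/dev/mapper/system-root ro resume=/dev/system/swap splash=silent quiet showopts example.injected=1' \
        > "$d/cmdline"
    unexpected_params "$d/cmdline" "$d/grub"
    rm -rf "$d"
}
```

An empty result means every parameter the kernel saw is accounted for by the defaults file; anything printed was added somewhere between the configuration and the boot.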
