diff options
-rw-r--r-- | docs/gnulinux/encrypted_parabola.html | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index 07bd580..975db79 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -521,35 +521,13 @@ href="http://www.linux.com/news/software/applications/8208-all-about-linux-swap- </p> <p> - Above the 'Load Operating System' menu entry you should also add a GRUB password, like so: - </p> - <pre><b><i> -set superusers="root" -password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711 - </i></b></pre> - <p style="font-size:2em;"> - MAKE SURE TO DO THIS ON grubtest.cfg *BEFORE* DOING IT ON grub.cfg. - Then select the menu entry that says <i>Switch to grubtest.cfg</i> and test that it works. - Then copy that to grub.cfg once you're satisfied. - WHY? BECAUSE AN INCORRECTLY SET PASSWORD CONFIG MEANS YOU CAN'T AUTHENTICATE, WHICH MEANS 'BRICK'. - </p> - <p> - (emphasis added, because it's needed. This is a common roadblock for users) - </p> - - <p> - Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root. - Change root on both of those 2 lines to whatever you want. - </p> - - <p> Start dhcp on ethernet:<br/> # <b>systemctl start dhcpcd.service</b> This is just for the step below. I won't cover network configuration here. That is for another Parabola article. </p> <p> - The password hash (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile, + The password below (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile, like so:<br/> # <b>pacman -S grub</b> </p> @@ -566,7 +544,29 @@ password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB97 </p> <p> - With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal. + Above the 'Load Operating System' menu entry you should also add a GRUB password, like so (this example uses <b>password</b> as the password): + </p> + <pre><b><i> +set superusers="root" +password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711 + </i></b></pre> + <p style="font-size:2em;"> + MAKE SURE TO DO THIS ON grubtest.cfg *BEFORE* DOING IT ON grub.cfg. + Then select the menu entry that says <i>Switch to grubtest.cfg</i> and test that it works. + Then copy that to grub.cfg once you're satisfied. + WHY? BECAUSE AN INCORRECTLY SET PASSWORD CONFIG MEANS YOU CAN'T AUTHENTICATE, WHICH MEANS 'BRICK'. + </p> + <p> + (emphasis added, because it's needed. This is a common roadblock for users) + </p> + + <p> + Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root. + Change root on both of those 2 lines to whatever you want. + </p> + + <p> + With this configuration, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal. This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware. </p> |