Passwords and Encryption
Defense in Depth
Since GRUB 2 passwords can be so easily circumvented, you might wonder if they are worth setting up, especially when one mistake can lock you out of your system and require awkward recovery time. It is true that depending only on GRUB 2's own security would provide weak protection. However, a basic principle of security is defense in depth.
Simply put, defense in depth means setting up as many security measures as possible. If one measure fails to stop an intruder, another one will. Moreover, if a security measure requires a time-consuming workaround, then an intruder has to be strongly motivated to persist, especially if there is a chance that other measures also have to be circumvented. In other words, some defenses are simply not worth the time to penetrate.
I would put GRUB 2's passwords and encryption into this second category. Their value lies less in absolute security than in their nuisance value for intruders and their role as only one of a number of defenses. If you doubt that, make a deliberate mistake in your GRUB 2 configuration and try to recover from it. Even if you know exactly what to do, you may still resent the loss of time. At that moment, you will understand why even relatively weak security can still be part of your defenses.
However, if you want truly strong encryption, encrypt the /boot partition during installation; then, set up GRUB 2 following the concise instructions on the Debian wiki [4]. The instructions assume a higher degree of expertise than is required to edit GRUB 2 files, which is why I have not detailed them here.
Infos
- [1] GRUB 2: https://www.gnu.org/software/grub/
- [2] /etc/default/grub fields: https://help.ubuntu.com/community/Grub2/Setup#User_Settings:_.2Fetc.2Fdefault.2Fgrub
- [3] Sample /etc/grub.d files: https://www.apt-browse.org/browse/ubuntu/trusty/main/i386/grub-common/2.02~beta2-9/file/etc/grub.d/
- [4] GRUB 2 and encrypted boot: https://wiki.debian.org/Grub2#Configure_encrypted_.2Fboot