aboutsummaryrefslogtreecommitdiff
path: root/docs/gnulinux/encrypted_parabola.html
diff options
context:
space:
mode:
authorFrancis Rowe <info@gluglug.org.uk>2015-08-26 03:23:21 +0100
committerFrancis Rowe <info@gluglug.org.uk>2015-08-26 03:23:21 +0100
commit01e3cb72536c763e066a256ebfeb8880a06ac008 (patch)
treedefb0f2b6b75731db6c7a5c2a0bc13fe39f07452 /docs/gnulinux/encrypted_parabola.html
parent02f4e0fe03070da674a5d78b77edef3b6e833385 (diff)
downloadlibrebootfr-01e3cb72536c763e066a256ebfeb8880a06ac008.tar.gz
librebootfr-01e3cb72536c763e066a256ebfeb8880a06ac008.zip
docs/gnulinux/encrypted_parabola.html: clearer pword instructions
Diffstat (limited to 'docs/gnulinux/encrypted_parabola.html')
-rw-r--r--docs/gnulinux/encrypted_parabola.html48
1 files changed, 24 insertions, 24 deletions
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html
index 07bd5800..975db797 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -521,35 +521,13 @@ href="http://www.linux.com/news/software/applications/8208-all-about-linux-swap-
</p>
<p>
- Above the 'Load Operating System' menu entry you should also add a GRUB password, like so:
- </p>
- <pre><b><i>
-set superusers=&quot;root&quot;
-password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
- </i></b></pre>
- <p style="font-size:2em;">
- MAKE SURE TO DO THIS ON grubtest.cfg *BEFORE* DOING IT ON grub.cfg.
- Then select the menu entry that says <i>Switch to grubtest.cfg</i> and test that it works.
- Then copy that to grub.cfg once you're satisfied.
- WHY? BECAUSE AN INCORRECTLY SET PASSWORD CONFIG MEANS YOU CAN'T AUTHENTICATE, WHICH MEANS 'BRICK'.
- </p>
- <p>
- (emphasis added, because it's needed. This is a common roadblock for users)
- </p>
-
- <p>
- Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root.
- Change root on both of those 2 lines to whatever you want.
- </p>
-
- <p>
Start dhcp on ethernet:<br/>
# <b>systemctl start dhcpcd.service</b>
This is just for the step below. I won't cover network configuration here. That is for another Parabola article.
</p>
<p>
- The password hash (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile,
+ The password below (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile,
like so:<br/>
# <b>pacman -S grub</b>
</p>
@@ -566,7 +544,29 @@ password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB97
</p>
<p>
- With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal.
+ Above the 'Load Operating System' menu entry you should also add a GRUB password, like so (this example uses <b>password</b> as the password):
+ </p>
+ <pre><b><i>
+set superusers=&quot;root&quot;
+password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
+ </i></b></pre>
+ <p style="font-size:2em;">
+ MAKE SURE TO DO THIS ON grubtest.cfg *BEFORE* DOING IT ON grub.cfg.
+ Then select the menu entry that says <i>Switch to grubtest.cfg</i> and test that it works.
+ Then copy that to grub.cfg once you're satisfied.
+ WHY? BECAUSE AN INCORRECTLY SET PASSWORD CONFIG MEANS YOU CAN'T AUTHENTICATE, WHICH MEANS 'BRICK'.
+ </p>
+ <p>
+ (emphasis added, because it's needed. This is a common roadblock for users)
+ </p>
+
+ <p>
+ Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root.
+ Change root on both of those 2 lines to whatever you want.
+ </p>
+
+ <p>
+ With this configuration, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal.
This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware.
</p>