From 0aa4840a81af17db5a206f5f2a59075368a5530e Mon Sep 17 00:00:00 2001 From: "Daniel,Liu" Date: Mon, 4 Sep 2017 23:07:41 -0400 Subject: [PATCH] grub encrypt has changed,now using pbkdf2 Signed-off-by: Daniel,Liu --- grub-installer | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/grub-installer b/grub-installer index 6a9127b..40ff106 100755 --- a/grub-installer +++ b/grub-installer @@ -1071,7 +1071,7 @@ if [ "$frdev" ] && \ fi # Set a password if asked -if [ "$grub_version" = "grub" ] ; then +if [ "$grub_version" = "grub2" ] ; then # Set up a password if asked or preseeded. password= db_get grub-installer/password-crypted @@ -1123,18 +1123,24 @@ if [ "$grub_version" = "grub" ] ; then db_fset grub-installer/password-again seen false done if [ "$password" ]; then - password=$(echo -e "md5crypt\n$password" | \ - $chroot $ROOT \ - grub --batch --device-map=/dev/null 2>&1 | \ - grep "^Encrypted:" | cut -d' ' -f2) + password=`echo -e "$password\n$password" | \ + $chroot $ROOT \ + grub-mkpasswd-pbkdf2 2>&1 | \ + grep "^PBKDF2" | cut -d' ' -f7` fi fi if [ "$password" ]; then - echo "password --md5 $password" >/tmp/menu.lst.password + echo "cat << EOF" >/tmp/menu.lst.password + echo "set superusers=\"root\"" >>/tmp/menu.lst.password + echo "password_pbkdf2 root $password" >>/tmp/menu.lst.password + echo "EOF" >>/tmp/menu.lst.password # Add a line to menu.lst to use the given password # The line is appended after the commented example - sed -i '/^# password/r /tmp/menu.lst.password' $ROOT/boot/grub/$menu_file + cat /tmp/menu.lst.password >> $ROOT/etc/grub.d/00_header + + # enter system do not need the bootloader password + sed -i "s/"menuentry /"menuentry --unrestrict /g" $ROOT/etc/grub.d/10_linux # By default, menu.lst is world-readable, which is not so good if it # contains a password. chmod o-r $ROOT/boot/grub/$menu_file -- 1.8.3.1