Protect syslinux menu?

RobertBuhren · 2011-09-05 21:36:37

Hi there,

i`ve just started to explore arch linux and also some new software i haven`t used before, like syslinux. Is it possible to protect the whole syslinux menu with a password?So that noone even sees the menu entries. I`d like to accomplish a setup like this: When the laptop boots, there is no sign of the bootloader at all unless a certain key is pressed during startup (e.g. shift) otherwise the default system is booted. When this key is pressed the booloader should ask for a password and then allowing access to the boot menu. With this config i can`t access the menu anymore. I hope someone can point me to the right information

Thanks in advance,

Robert

PS: Here`s my current syslinux.cfg:

# Config file for Syslinux -
# /boot/syslinux/syslinux.cfg
#
# Comboot modules:
#   * menu.c32 - provides a text menu
#   * vesamenu.c32 - provides a graphical menu
#   * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders
#   * hdt.c32 - hardware detection tool
#   * reboot.c32 - reboots the system
#   * poweroff.com - shutdown the system
#
# To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux.
# If /usr and /boot are on the same file system, symlink the files instead
# of copying them.
#
# If you do not use a menu, a 'boot:' prompt will be shown and the system
# will boot automatically after 5 seconds.
#
# Please review the wiki: https://wiki.archlinux.org/index.php/Syslinux
# The wiki provides further configuration examples

DEFAULT arch
PROMPT 0        # Change to 1 if you do not want to use a menu
TIMEOUT 10
NOESCAPE 1
# You can create syslinux keymaps with the keytab-lilo tool
#KBDMAP de.ktl
MENU MASTER PASSWD  "somepassword"
MENU SHIFTKEY 1
# Menu Configuration
# Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux 
UI menu.c32
#UI vesamenu.c32
# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
MENU TITLE Arch Linux
#MENU BACKGROUND splash.png
MENU COLOR border       30;44   #40ffffff #a0000000 std
MENU COLOR title        1;36;44 #9033ccff #a0000000 std
MENU COLOR sel          7;37;40 #e0ffffff #20ffffff all
MENU COLOR unsel        37;44   #50ffffff #a0000000 std
MENU COLOR help         37;40   #c0ffffff #a0000000 std
MENU COLOR timeout_msg  37;40   #80ffffff #00000000 std
MENU COLOR timeout      1;37;40 #c0ffffff #00000000 std
MENU COLOR msg07        37;40   #90ffffff #a0000000 std
MENU COLOR tabmsg       31;40   #30ffffff #00000000 std
MENU HIDDEN
# boot sections follow
#
# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
#
#-*

# (0) Arch Linux
LABEL arch
    MENU LABEL Arch Linux
    LINUX ../vmlinuz-linux
    APPEND root=/dev/sda4 ro
    INITRD ../initramfs-linux.img

# (1) Arch Linux Fallback
LABEL archfallback
    MENU LABEL Arch Linux Fallback
    LINUX ../vmlinuz-linux
    APPEND root=/dev/sda4 ro
    INITRD ../initramfs-linux-fallback.img

# (2) Windows
#LABEL windows
#COM32 chain.c32
#APPEND hd0 0

LABEL hdt
    MENU LABEL HDT (Hardware Detection Tool)
    COM32 hdt.c32

LABEL reboot
    MENU LABEL Reboot
    COM32 reboot.c32

LABEL off
    MENU LABEL Power Off
    COMBOOT poweroff.com

HuckleSmothered · 2014-05-14 16:43:20

According to the SYSLINUX wiki, the best option I could come up with was to disable any ability to append anything, and thus an S or a 1 for single-user runlevels.

Add ALLOWOPTIONS to the syslinux.cfg file. Nothing after it. Which means there are no allowed append options. Seems to work better than a password.

teateawhy · 2014-05-14 17:35:30

There is no point about this. As the configuration file is unencrypted everyone can read it in anyway.

ewaller · 2014-05-14 22:36:35

I hope that RobertBuhren is not still looking for a solution all these years later

Closing.

Arch Linux

#1 2011-09-05 21:36:37

Protect syslinux menu?

#2 2014-05-14 16:43:20

Re: Protect syslinux menu?

#3 2014-05-14 17:35:30

Re: Protect syslinux menu?

#4 2014-05-14 22:36:35

Re: Protect syslinux menu?

Board footer