December 2022

arvidjaar Flux Capacitor Penguin

Well, anyone can boot with init=/bin/sh and get access to root, which will be unlocked and unencrypted. Unless there are some other means to prevent it that I am not aware of.

The way automatic unlocking is implemented cannot protect the kernel command line because it happens before the kernel command line becomes known.

December 2022 ▶ arvidjaar

PerfMonk New or Quiet Penguin

Could we just block the “init” param in the kernel itself? Or the possibility to modify GRUB?

December 2022 ▶ PerfMonk

PerfMonk New or Quiet Penguin

There is also, in rescue, the systemd.setenv=SYSTEMD_SULOGIN_FORCE=1, and surely other ways …