  1. CoreOS OCP
  2. COS-1418

Support GRUB bootloader password - Technology Preview


    • Epic
    • Resolution: Won't Do
    • Normal
    • GRUB password
    • To Do
    • OCPSTRAT-831 - Set grub bootloader pw - Tech Preview
    • 0% To Do, 50% In Progress, 50% Done

      As an OCP admin/user,
      I want to be able to set a password to lock all GRUB configuration changes,
      in order to meet compliance / security goals.

      This includes preventing users from gaining root access on systems by, for example, editing the GRUB config / kernel arguments or booting a previous version of the OS with a known vulnerability.

      The first step for this Epic is in https://issues.redhat.com/browse/COS-116.

      Enabling this feature for RHCOS/OCP requires the following work in the MCO:

      • Ensure that the MCO skips/knows how to deal with files in /boot, which is now read-only (RO) in RHCOS. This one we should probably do after this is completed to make sure that we don't have issues there.
      • Enable day 2 setup of this feature via a MachineConfig. This probably requires a lot more discussion and another card to track the work.

      Given the non-trivial amount of work needed in the MCO to support this feature, and given that RHCOS support is now available for new installations only, this Epic is refocused on Technology Preview support for new installations only.

            travier@redhat.com Timothée Ravier