Epic
Resolution: Won't Do
Normal
GRUB password
To Do
OCPSTRAT-831 - Set grub bootloader pw - Tech Preview
0% To Do, 50% In Progress, 50% Done
As an OCP admin/user,
I want to be able to set a password to lock all GRUB configuration changes,
in order to meet compliance / security goals.
This includes, for example, preventing users from gaining root access on systems by editing the GRUB config / kernel arguments, or from booting a previous version of the OS with a known vulnerability.
The first step for this Epic is in https://issues.redhat.com/browse/COS-116.
To enable this feature for RHCOS/OCP, this requires the following work in the MCO:
- Ensure that the MCO skips, or knows how to deal with, files in /boot, which is now read-only in RHCOS. We should probably do this one after this is completed, to make sure that we don't have issues there.
- Enable day 2 setup of this feature via a MachineConfig. This probably requires a lot more discussion and another card to track the work.
—
Given the non-trivial amount of work needed in the MCO to support this feature, and given that RHCOS support is now available for new installations only, refocus this Epic on Technology Preview support for new installations only.
- is related to
  - RFE-1480 Need to enable password for grub2 - Under Review
  - OCPSTRAT-113 Support setting and changing grub bootloader password via igniton & MCO (GA) - New