I was asked today for a grub2 menu which would protect the E2B USB drive from being cloned onto another drive.
The lines below can be added into your startup_menu.txt file.
It checks the total drive capacity of your E2B USB drive - if it is not as expected, then it displays a graphics file (candle in this case) and then prompts you to enter a password (3 chances). If the user does not know the password, then it loads a 'guest' menu, but it could just as easily shutdown or reboot the PC.
You can display any graphics file you like (.png, .jpg, .bpm) and you can change the messages, etc. as you wish.
# Example code for placing in startup_menu.txt menu files
# Checks USB total size (prevents cloning unless identical drive used) - admin must change to correct size
# If disk size is wrong, display a graphics image - user presses ENTER - prompts 3 times for admin password
# If password wrong then load guest_menu.txt menu file
#
# To use, set bmp_path, ADMINPWD and the disk size of your particular E2B USB disk
# get the total capacity of the USB boot drive into variable DSIZE
stat -s DSIZE -z (${bootdev}) -q
if ! [ "${DSIZE}" == "500107862016" ];
then
set ADMINPWD=e2b
set bmp_path="(hd0,1)/_ISO/MAINMENU/candle2020.jpg";
lua ${prefix}/view.lua;
echo "BAD E2B DISK [$DSIZE]";
set POK=1
if ! [ "${POK}" == "0" ];
then
echo
echo -n "ENTER PASSWORD: "
read pwd asterisk
if [ "${pwd}" = "${ADMINPWD}" ] ; then set POK=0;fi
fi
if ! [ "${POK}" == "0" ];
then
echo
echo -n "ENTER PASSWORD: "
read pwd asterisk
if [ "${pwd}" = "${ADMINPWD}" ] ; then set POK=0;fi
fi
if ! [ "${POK}" == "0" ];
then
echo
echo -n "ENTER PASSWORD: "
read pwd asterisk
if ! [ "${pwd}" = "${ADMINPWD}" ] ; then echo; echo "ERROR: BAD PASSWORD [${pwd}] - loading Guest Menu..."; sleep 3; configfile "(${user})/boot/grubfm/guest_menu.txt"; fi
fi
unset ADMINPWD
unset POK
fi
unset DSIZE
This sample code will be included in the next version of agFM in the \e2b\Sample agFM menu files folder.
You startup_menu.txt file will be in plain text and so the ADMINPWD can be seen by anyone, but you can 'encrypt' the startup_menu.txt by compressing it to a .gzip file using 7zip (but keep the file name the same).
The Easy2Boot grub4dos menu can be protected in a similar way (see here).
No comments:
Post a Comment