Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Does your BIOS support turning off the ability to boot from anything except the hard disk (and password protecting the settings)? Also, hdparm supports a '-r' flag to make a drive read-only but I don't know if the setting is permanent and it's probably not the effect you want anyway.
If your whole hard disk is read-only you will have trouble booting. Are you trying to keep a known configuration or stop users modifying files? There may be another way to do what you need to.
when i mess Linux to a state when it is unrecoverable i insert CD and install anew...
is it possible to set up password so that HD is protected from this??
i mean if somebody wants to erase Linux taht way... accidently or intently...
tnx
It depends on your computer's BIOS - it is possible to password protect your BIOS settings so that they can't be changed without a password, then you need to set up your BIOS so you can't boot with a CD without changing the BIOS and entering a password.
There's only so much you can do though - if someone with a screwdriver has access to your PC they can just walk away with your hard disk.
password-protecting your Bios from being changed (after you set it to boot _only_ from HDD and not offering any choices like a boot-menu which can be used to boot something other than what you installed and/or password-protecting the boot menu from being changed if you need to have one) is the only way to prevent anyone from just popping in a CD and do _whatever_ they want - locking away your PC when you are not there left aside - anyone who has physical access to your PC can still do pretty much everything...(by taking the harddisk out for example...)
hmmm, that's strange - only one level of security...
what exactly is MBR?? master boot record...
is it the first thing to be read when boot initiates??
if somehow i make it read-only??
you cannot write protect a harddisk and much less parts of it - well you can, but this is on the operating-system-level - when there is a system already running.
MBR is the first few (512 ?) bytes of a harddisk and is read by bios to find information on how to continue in bringing up the system.
To prevent anyone from just booting your machine in a different way than you wanted or by using another medium (CD...) you can only password protect the Bios against making changes to it.
There is a feature to password-protect harddisks (depends on the model used - this is on hardware-level) - but there is like no way in the world to get to or change the data on it if you loose that password - no recovery whatsoever - not even by taking the disk to another machine.
If you are concerned about someone reading your data - there is encryption of files and even the whole disk - so someone can take it away, but will not be able to read or use it - it is still lost to you though.
hmmm ... so if MBR is read only ... it can override BIOS and keep Linux safe...
what is that hardware level protection.. it sounds good to me...
i will lock the harddisk and throw the key in the river...
sounds prefect...
not quite...
1.) the Bios
2.) the MBR
Bios is _using_ (and needing) the MBR - but Bios comes as the very first thing - no way around that.
If you want to protect the disk (or MBR - which is on the disk) you need to do this through Bios.
Bios just knows how to interpret the MBR and executes whatever it finds there - usually a boot loader which in turn passes control on to the operating system.
I have no specific knowledge about hardware level protection aside from reading posts here from people trying (mostly in vain) to get to their data when the disk is somehow failing...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.