#!/bin/bash ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC ## See the file COPYING for copying conditions. source /usr/libexec/helper-scripts/get_colors.sh check_grub_security() { if [ -f '/usr/share/qubes/marker-vm' ]; then true "Qubes VM detected. Skipping $FUNCNAME." return 0 fi if [ ! "$systemcheck_virtualizer_detected" = "none" ]; then true "VM detected. Skipping $FUNCNAME." return 0 fi local link_cli link_gui MSG link_cli="https://www.kicksecure.com/wiki/Protection_Against_Physical_Attacks#Bootloader_Password" link_gui="Bootloader Password" if grub_password_status_check_output="$(leaprun grub-password-status-check 2>&1)"; then MSG="

GRUB $link_gui: Enabled

" $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" MSG="GRUB bootloader password: ${green}Enabled${nocolor} See also: $link_cli" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" else MSG="

GRUB $link_gui: Absent

" $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" MSG="GRUB bootloader password: ${yellow}Absent${nocolor} See also: $link_cli" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" fi if [ "$verbose" -ge "1" ]; then MSG="

leaprun grub-password-status-check output:

$grub_password_status_check_output

" $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG" $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG" fi }