mxgrub: Restrict access to submenu

[pmenzel]

Entering the submenu, a user could edit menu entries, and enter the command-line interface. Fix this by restricting the access to the submenu. As a result, users can now only manually start the default Linux kernel.

[donald]

Hmmm. Now the user can switch from the previous kernel to the default kernel but not back, is that correct? User might break his workstation that way, if the default kernel doesn't support the gpu. Do we want that?

[david]

When you copy set superusers in the submenu part, it will ask you 'username' and 'password'

submenu "all-other-kernel" --unrestricted {

        set superusers="root"
        password_pbkdf2 root grub.pbkdf2.sha512.10000.A1168F03CC3CD47F79848E949584EA624FF531B53611F61218DC5BAD760E767063A96E6A5CE6B350$

        menuentry "mariux-4.19.57-286" --unrestricted { save_env chosen ; linux /boot/bzImage-4.19.57.mx64.286 root=LABEL=root ro cras$
        menuentry "mariux-4.19.57-282" --unrestricted { save_env chosen ; linux /boot/bzImage-4.19.57.mx64.282 root=LABEL=root ro cras$
    ....

[pmenzel]

David’s workaround worked, but the GRUB developers replied to export security variable instead. Please review and accept.

[david]

looks good

[donald]

Tested. Okay with me. But I'd remove the obsolete and the revert commits.

[pmenzel]

@donald, done.