dracut and CVE-2016-4484: Cryptsetup Initrd root Shell


People who want to secure their Fedora/RHEL system have to:

  • add a BIOS password
  • add a grub password
  • add “rd.shell=0” to the kernel command line

Anaconda does add “rd.shell=0” to the kernel command line automatically, if you setup the bootloader with a password.