Grub menu entry for grub password protection

i want password protection for editing, but not booting, any grub menu items.

Reading the docs here: Working with the GRUB 2 Boot Loader :: Fedora Docs

it doesn’t seem like the docs are up to date, or maybe some more info could be added.

My install’s existing menu entries have the kernel name in them, but the examples in the docs seem to assume that the user, and thus the config, will know what the names of the menu items are in advance and in perpetuity. I supposed that you could just use the root={hd0,msdos1} to designate the location of the root partition and use a generic name for the menu item, but that adds another menu item, and i also get a blank screen instead of a password prompt when doing it that way and trying to edit a menu item to test.

What is the correct way to specify that any grub menu items that may exist, be password protected for editing, but any user can boot?

p.s. it looks like the default /etc/grub.d/01_users file was more dynamic, but i don’t know where the “switch” to enable that behavior is.

Thanks

3 Likes
sudo grub2-set-password

This will prompt for a password and write resulting configuration to /boot/efi/EFI/fedora/user.cfg (in an EFI system). When you are in GRUB menu, hit e key to edit boot options. It will ask for a username, it is root. Then type your password and you will be in the edit menu.

2 Likes

thanks! i put the original grub config files back to the default, ran the command you gave, regenerated the grub config (not sure if it needed that or not), rebooted and it worked.

1 Like