Edit the GRUB boot-loader

Body: 

Edit the GRUB boot-loader

Password Security

Warning: Errors in creating a password-protected GRUB 2 menu may result in an

un-bootable system.

It is also advised to read through the password security instructions completely

before attempting to encrypt the Grub2 boot-loader.

First choose a strong password, open a shell, log in as root, and then type the following

command:

# grub2-mkpasswd-pbkdf2

Now type in your chosen password...

Then open up the terminal and type sudo -i to log in as root then type:

gedit /etc/grub.d/00_header

Now you want to take your new password which will look something like the following:

grub.pbkdf2.sha512.10000.5F60AA485BA2B7EA640974BCDF5722F7600FDAF99AFE

6AD8ECA33A1A05E53AB85B8B426E22AC246CC50558807BBA24752CBD61FD04155

E26C41307F4AD64C9F70BDA015BBD97F09776CB66C90E0D82C2855C297039A1638

D28A77FE2DDA3C8B8105C82FB2766FAEF4400647917A82CF3FB4B8E9B43ACBA64

39F1E3C9B1A90194

Use the following code example of how to paste from the terminal to the end of the

00_header file under the last line of code (You do need spaces in between lines and

paragraphs) so it will look like this:

cat << EOF

set superusers="username"

password_pbkdf2<space>username<space>grub.pbkdf2.sha512.10000.5F60AA48

5BA2B7EA640974BCDF5722F7600FDAF99AFE6AD8ECA33A1A05E53AB85B8B426E2

2AC246CC50558807BBA24752CBD61FD04155E26C41307F4AD64C9F7.0BDA015BBD

97F09776CB66C90E0D82C2855C297039A1638D28A77FE2DDA3C8B8105C82FB2766F

AEF4400647917A82CF3FB4B8E9B43ACBA6439F1E3C9B1A90194

EOF

This is the code you need at the end of the file and please notice the spaces and replace

username (the quotes around the user name are included) with your own user name:

cat << EOF

set superusers="username"

password_pbkdf2<space>username<space>grub.pbkdf2.sha512.10000.5F60AA48

5BA2B7EA640974BCDF5722F7600FDAF99AFE6AD8ECA33A1A05E53AB85B8B426E2

2AC246CC50558807BBA24752CBD61FD04155E26C41307F4AD64C9F7.0BDA015BBD

97F09776CB66C90E0D82C2855C297039A1638D28A77FE2DDA3C8B8105C82FB2766F

AEF4400647917A82CF3FB4B8E9B43ACBA6439F1E3C9B1A90194

EOF

This is the last and critical step of the procedure. Please be absolutely sure the above

commands were followed completely before updating the Grub2 config file.

Now do the command grub2-mkconfig -o /boot/grub2/grub.cfg and your new password

policy will be enforced and no one but you will know the password to edit your grub2 config.

All that is needed now is to power off or restart Linux Fedora 19. If the Grub2 configuration

file was updated it will now enforce the security password policy and should look something

like the photo below depending onwhat version of Grub2 is installed.

Who's new

Recent comments

No comments available.

Who's online

There are currently 0 users online.