How To Password Protect GRUB Bootloader In Linux

Password Protect GRUB Bootloader In Linux

7 Responses

  1. Jane Doe says:

    Very informative and useful article!
    Thank you !!
    I’ll try to figure out how to do it on an Arch system.

  2. Gregory Pittman says:

    On my system you have to be root to edit the grub.cfg file, so I’m not sure what this adds to the situation.

  3. Remco Siderius says:

    And what if you boot from a USB stick, or CD / DVD? And thus bypassing GRUB?
    Can’t you access all files then? Can’t you even reinstall GRUB then?
    The only way to prevent acces I can think of, is encrypting the root file system (or at least /home)
    Am I wrong?

    • SK says:

      You’re right. I didn’t say protecting GRUB alone will protect your system. There are other ways too. I will posting more guides related to Linux security.

  4. Kārlis Klaviškis says:

    Hi,

    If You are using multi-boot system You have to make some addition to „30_os-prober” as well. Otherwise any alien software will be locked with newly created password. At least that’s the Fedora 28/grub2 case.

    Any first level menu should contain one more parameter: „–unrestricted”.

    E.g.:
    The original line:

    menuentry ‘$(echo “${LONGNAME} $onstr” | grub_quote)’ $CLASS –class os \$menuentry_id_option

    The edited line:

    menuentry ‘$(echo “${LONGNAME} $onstr” | grub_quote)’ $CLASS –class os –unrestricted \$menuentry_id_option

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.