How to set the grub password in CentOS 7

By | October 4, 2017

This post may contain affiliate links. Please read my disclosure for more info.

How to set the grub password in CentOS 7 Featured Image

Cent OS 7 and most other Linux distributions use the GRUB2 boot loader. This guide shows you How to set the grub password in CentOS 7 and test it. The GRUB Menu can be protected by a password and this guide shows you how to set the grub password in CentOS 7.

What is GRUB2?

This menu shows you all the installed it was first invented by Sir Erich Stefan Boleyn in the year 1995. GRUB2 bootloader is used to load the kernel and the kernel loads the Operating System, In short GRUB is the Module which is used to start the Operating System.

These 4-steps are how to set the grub password in CentOS 7:

  1. Create an Encrypted Password using  grub2-mkpasswd-pbkdf2
  2. Define Encrypted Password in /etc/grub.d/40_custom
  3. Refresh /boot/grub2/grub.cfg by grub2-mkconfig -o /boot/grub2/grub.cfg
  4. Test new password on Boot

YouTube Tutorial

Detailed Steps on setting the grub password in CentOS 7

Create an Encrypted Password

Create a password using the grub2-mkpasswd-pbkdf2 command:

[root@centos7 grub.d]# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.440B11FE0ECAC09C69B18DD358758957HHIUH5EFC1F772E4D0F0F9E1005908EB2DDAECDA8D5975EBD594A89EF60697128C2631515992365958CDD61E3C3896E53.8789479587HFD79A57D46205EE9F4419B921598B8C05C593F12JOIJIO9271825279BBCD0C67AF810B961C91A8C8EB5D65127D3D3515292C6172F8E64

Add the Encrypted Password to the Custom Configuration File

Make a copy of the text after your password is, we could add this directly in the main configuration file grub.cfg, but it is recommended not to edit directly so we put it into the /etc/grub.d/40_custom file it is good practice to make a backup copy of the file in case.

Then we can add that password into the /etc/grub.d/40_custom file:

cp /etc/grub.d/40_custom /etc/grub.d/40_custom.backup
vi /etc/grub.d/40_custom   # Edit the GRUB Custom Menu
exec tail -n +3 $0
This file provides an easy way to add custom menu entries.  Simply type the
menu entries you want to add after this comment.  Be careful not to change
the ‘exec tail’ line above.
set superusers=”root”
password_pbkdf2 root grub.pbkdf2.sha512.10000.440B11FE0ECAC09C69B18DD358758957HHIUH5EFC1F772E4D0F0F9E1005908EB2DDAECDA8D5975EBD594A89EF60697128C2631515992365958CDD61E3C3896E53.8789479587HFD79A57D46205EE9F4419B921598B8C05C593F12JOIJIO9271825279BBCD0C67AF810B961C91A8C8EB5D65127D3D3515292C6172F8E64

Update the grub.cfg File

Now we have added a new line into the grub file we need to refresh the grub.cfg file by using grub2-mkconfig command, and it is good practise to make a backup of grub.cfg file in case.

An then run the grub2-mkconfig to update grub.cfg file:

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.backup
grub2-mkconfig -o /boot/grub2/grub.cfg

We can confirm our password has been added into the GRUB2 Bootloader by cating the grub.cfg file:

cat /boot/grub2/grub.cfg
BEGIN /etc/grub.d/40_custom ###
This file provides an easy way to add custom menu entries.  Simply type the
menu entries you want to add after this comment.  Be careful not to change
the ‘exec tail’ line above.
set superusers=”root”
password_pbkdf2 root grub.pbkdf2.sha512.10000.2F74BCD26B934CCD43446688BCB4D365862C8BD24461AC04D711F0403993D7571D056788565FAECCEE29B77141F070039A73F9C956DE532F98F93E819C4E842D.67ED723C2F6C4DAF8D42F26942228F678437E8F8569132C93439DF15C855FDBDA742226486
END /etc/grub.d/40_custom ###

Testing the password

Reboot the system


During the boot process hit SPACE BAR at the GUB menu and hit e to edit the GRUB.

Image of CentOS 7 GRUB2 Menu

Enter in your Username and Password you defined before:

how to set the grub password - CentOS 7 GRUB2 Password Prompt

If the password works you will be able to edit the GRUB2 line entry as per screenshot:

how to set the grub password - CentOS 7 GRUB2 Edit Menu Entry

So that is how we can protect the GRUB2 Bootloader in CentOS 7.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.