(Last Updated On: August 18, 2018)

Grub is the reference implementation of the Free Software Foundation’s Multi-boot Specification, which provides a user the choice to boot one of multiple operating systems installed on a computer or select a specific kernel configuration available on a particular operating system’s partitions.

Using Grub without password means any person with knowledge of grub and Linux can have unauthorized access to the your Linux system by passing some parameters at Grub menu,(pressing letter ‘e’ then few modifications ). To prevent this,you’ll have to create a user for Grub and generate encrypted password to associate. This tutorial is for CentOS and all Redhat Linux derivatives. we have another article on How to protect grub with password on Debian, Ubuntu and Kali Linux

Before editing ‘/etc/grub.d/10_linux’ file, it’s highly recommended to do a backup of both grub.cfg and 10_linux,

Backup grub.cfg file;

# cd /boot/grub2/
# cp grub.cfg grub.cfg.backup

Then backup 10_linux by;

# cd /etc/grub.d/
# cp 10_linux 10_linux.backup

To get grub password to use, generate grub encrypted password by typing following command on your terminal

# grub2-mkpasswd-pbkdf2

Then enter password Twice

After generating Grub encrypted password, open ‘/etc/grub.d/10_linux’ the file then add the below following lines at the end of the file.

# vi /etc/grub.d/10_linux

Then press G to get to last line.Press letter i or insert key and paste your contents at the end.

cat <<EOF
set superusers=”Koromicha”
Password_pbkdf2 Koromicha 'Paste Generated_encrypted_password'
 EOF

Replace Koromicha with the username you want to use on grub menu for login.
Save and quit by pressing ESC key then:

:wq

See screenshot below for visual details:

That’s all. Reboot your computer and you’ll see username prompt at the grub menu. Press e to login and enter your username and password.