Skip to content

Instantly share code, notes, and snippets.

@obfusk obfusk/
Last active Dec 14, 2015

What would you like to do?
grub2 password protection

To generate a password:

$ grub-mkpasswd-pbkdf2

Now use the diff as a guideline to modify /etc/grub.d/.

NB: I've only modified the files I needed to; depending on your configuration you may need to modify additional menuentry and submenu entries in other files.

To make the changes take effect:

$ update-grub
diff --git a/10_linux b/10_linux
index 8130f2b..6a8200b 100755
--- a/10_linux
+++ b/10_linux
@@ -84,10 +84,12 @@ linux_entry ()
if ${recovery} ; then
title="$(gettext_quoted "%s, with Linux %s (recovery mode)")"
+ flx_users='--users felix'
title="$(gettext_quoted "%s, with Linux %s")"
+ flx_users=''
- printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}"
+ printf "menuentry '${title}' ${CLASS} ${flx_users} {\n" "${os}" "${version}"
cat << EOF
@@ -268,7 +270,7 @@ while [ "x$list" != "x" ] ; do
list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
if [ "$list" ] && ! $in_submenu; then
- echo "submenu \"Previous Linux versions\" {"
+ echo "submenu \"Previous Linux versions\" --users felix {"
diff --git a/20_memtest86+ b/20_memtest86+
index 6e4aa18..7e38d8f 100755
--- a/20_memtest86+
+++ b/20_memtest86+
@@ -24,13 +24,13 @@ if test -e /boot/memtest86+.bin ; then
MEMTESTPATH=$( make_system_path_relative_to_its_root "/boot/memtest86+.bin" )
echo "Found memtest86+ image: $MEMTESTPATH" >&2
cat << EOF
-menuentry "Memory test (memtest86+)" {
+menuentry "Memory test (memtest86+)" --users felix {
printf '%s\n' "${prepare_boot_cache}"
cat << EOF
-menuentry "Memory test (memtest86+, serial console 115200)" {
+menuentry "Memory test (memtest86+, serial console 115200)" --users felix {
printf '%s\n' "${prepare_boot_cache}"
cat << EOF
diff --git a/40_custom b/40_custom
index 48068de..4a47dc9 100755
--- a/40_custom
+++ b/40_custom
@@ -3,3 +3,6 @@ exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
+set superusers=felix
+password_pbkdf2 felix ...password...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.