Grub Password-protection

Password-protecting Grub may be necessary if the BIOS doesn’t have password support and you could be in a better environment.

Decide what the password is going to be and don’t forget it ;). To encrypt a password to put in your grub configuration file, use:

$ grub-md5-crypt
Retype password:

Type in the password twice and copy the md5 encrypted password to /boot/grub/menu.lst:

# /boot/grub/menu.lst
password –md5 $1$ZOGor$GABXUQ/hnzns/d5JYqqjw

The password line must be on one of the first few lines of the menu.lst file. If there are a lot of comments at the beginning of the grub.conf file don’t try to put it after them or it won’t work either. Also, take out the timeout value if you have one as it can sometimes cause problems.

Now each boot entry much be told to be locked if you want it to be:

title Linux 2.6.27
root (hd0,4)
kernel /boot/kernel-2.6.27 root=/dev/sda5


4 thoughts on “Grub Password-protection

  1. Dieter_be

    I don’t know exactly how this works, but it looks like this leaves your data open to anyone who can mount your disk from a livecd or steal your hard disk, so I would rather recommend encrypting your block device(s) with dm_crypt/luks. That’s what I do on my systems and I really like it :)

  2. Dirk Gently Post author

    @ Matija

    I haven’t seen grub use any other form of password encryption so the answer is probably no, though a good length password should be hard to de-crypt.

    @ Dieter_be

    Yes Dieter, hmm, its a good idea to lock out booting with DVD/CD drives as this can be used to circumvent password-protection. Of course if someone steals your hard-disk you’d be SOL anyway. Encrypting a block device is also a good alternative but I have yet to try it.

  3. Pingback: Gentoo Quick Install | shahverdY

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s