How do I secure GRUB with a SHA-2 hashed password in RHEL6?

Solution Verified - Updated -

Issue

  • How do I set or reset a GRUB password?
  • How do I lock down GRUB to prevent people modifying the kernel boot parameters?
  • For years the grub-md5-crypt program has been available to generate MD5-hashed passwords for locking down GRUB, but now that MD5 is widely-considered broken (and is of course not FIPS-approved), how can SHA-256 or SHA-512 passwords be used with GRUB?

Environment

  • Red Hat Enterprise Linux 6
  • grub-0.97-70.el6 or higher

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content