How to permanently password-protect (lock) standard RHEL7 menu entries in GRUB2

Solution Verified - Updated -

Issue

  • Goal: a Red Hat Enterprise Linux 7 system that requires manual entry of a bootloader password in order to boot any future kernels

  • Adding users and custom menuentry .... --user SOMEUSER directives to /etc/grub.d/40_custom per the the RHEL7 System Administrator's Guide is great, but how can you configure grub so that ALL existing & future kernels require a password in order to boot?

  • Preventing grub cmdline access with grub2-setpassword works, but how can we make all kernels require password before booting?

Environment

  • Red Hat Enterprise Linux 7
  • GRUB 2 bootloader

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content