How do I secure GRUB with a SHA-2 hashed password in RHEL6?

Solution Verified - Updated -

Issue

  • How do I set or reset a GRUB password?
  • How do I lock down GRUB to prevent people modifying the kernel boot parameters?
  • For years the grub-md5-crypt program has been available to generate MD5-hashed passwords for locking down GRUB, but now that MD5 is widely-considered broken (and is of course not FIPS-approved), how can SHA-256 or SHA-512 passwords be used with GRUB?

Environment

  • Red Hat Enterprise Linux 6
  • grub-0.97-70.el6 or higher

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In