How do I secure GRUB with a SHA-2 hashed password in RHEL6?

Solution Verified - Updated -

Issue

  • How do I set or reset a GRUB password?
  • How do I lock down GRUB to prevent people modifying the kernel boot parameters?
  • For years the grub-md5-crypt program has been available to generate MD5-hashed passwords for locking down GRUB, but now that MD5 is widely-considered broken (and is of course not FIPS-approved), how can SHA-256 or SHA-512 passwords be used with GRUB?

Environment

  • Red Hat Enterprise Linux 6
  • grub-0.97-70.el6 or higher

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.