How to permanently password-protect (lock) standard RHEL7 menu entries in GRUB2

Solution Verified - Updated -


  • Goal: a Red Hat Enterprise Linux 7 system that requires manual entry of a bootloader password in order to boot any future kernels

  • Adding users and custom menuentry .... --user SOMEUSER directives to /etc/grub.d/40_custom per the the RHEL7 System Administrator's Guide is great, but how can you configure grub so that ALL existing & future kernels require a password in order to boot?

  • Preventing grub cmdline access with grub2-setpassword works, but how can we make all kernels require password before booting?


  • Red Hat Enterprise Linux 7
  • GRUB 2 bootloader

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In