How to permanently password-protect (lock) standard RHEL7 menu entries in GRUB2

Solution Verified - Updated -

Issue

  • Goal: a Red Hat Enterprise Linux 7 system that requires manual entry of a bootloader password in order to boot any future kernels

  • Adding users and custom menuentry .... --user SOMEUSER directives to /etc/grub.d/40_custom per the the RHEL7 System Administrator's Guide is great, but how can you configure grub so that ALL existing & future kernels require a password in order to boot?

  • Preventing grub cmdline access with grub2-setpassword works, but how can we make all kernels require password before booting?

Environment

  • Red Hat Enterprise Linux 7
  • GRUB 2 bootloader

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.