I have been trying to password-protect grub boot menu in Fedora 38. Now, unfortunately, the Fedora guide for GRUB2 is "currently in the process of revision," so I have had to work with other guides such as this one and this answer.
What I have done is, according to the instructions in the sources above,
- call
grub2-set-password
to set up a password. - call
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
to recreate grub configuration.
This has had no effect on grub boot menu: I can still edit kernel parameters with 'e.' I can see that the password has been stored into /boot/grub2/user.cfg
and I can see that /etc/grub.d/01_users
should then set superuser
and other values appropriately, as indicated in the answer link above.
So: how can I achieve what I am trying to do?
Edit. grub2-set-password
stores the password into file /boot/grub2/user.cfg
, while in an UEFI system the script 01_users
tries to read the password from file ${prefix}/user.cfg
. Given that in an UEFI system other boot information is contained in directory /boot/efi/EFI/fedora
, perhaps grub2-set-password
stores the password into an incorrect directory in this case. I wonder what ${prefix}
is in UEFI.
/boot/efi/EFI/fedora/grub.cfg
since Fedora 34! See docs.fedoraproject.org/en-US/quick-docs/grub2-bootloader/…