Never too much security, so today we will learn to make GRUB even more secure by putting a password on it to prevent eavesdroppers from trying to take advantage of it.
Never too much security, so today we will learn to make GRUB even more secure by putting a password on it to prevent eavesdroppers from trying to take advantage of it.
There are several ways to do this procedure, here we will show you two, one of us and another that was sent by our reader. Herbert Borges, to follow his method just download the tutorial he made available in PDF by clicking the button below:
How to enter a password in GRUB (Diolinux Mode)
Putting a password on GRUB helps protect your computer locally, so no one unauthorized will be able to get into the advanced system configuration options and do some damage using the method. that was shown on this video.
We can say that this is a relatively advanced procedure and it will be necessary to use some commands in the terminal but do not be alarmed, read several times, look at the pictures and do things calmly that tuto should go well.
1 – Open the terminal and copy and paste the following command:
sudo grub-mkpasswd-pbkdf2
After entering the command and pressing the "enter" key you will need to enter your root password (the password you use to install programs) after that you will be asked to set a new password for grub, enter it and retype it when prompted. requested, then a hash will be generated as you can see in the image above.
2 – Copy the generated hash and save it in some text file because we will need it soon.
3 – Make a copy of GRUB configuration for security:
sudo cp /etc/grub.d/40_custom /etc/grub.d/40_custom.old
4 – Now let's open the configuration file to make some adjustments:
sudo gedit /etc/grub.d/40_custom
Since the word "gedit" in red can be replaced by another text editor you prefer.
In the text file that opens you must add the following lines to the end of the text:
set superusers = "root"
root password_pbkdf2
grub.pbkdf2.sha512.xxxxx (Since this part you should swap for the HASH you saved in step 2)
See the example below where I replaced the hash.
It is interesting to note here that in the "set superusers =" root "" part you can change the username if you want. After adding the lines just save the file.
5 – Now just update GRUB for the modification to take action:
sudo grub-mkconfig -o /boot/grub/grub.cfg
Now you can close the terminal and restart the computer and you will see that even before loading GRUB the system will ask for a password like the image below:
If you have not made any changes to the user in the configuration file (tutorial step 4) the user will be "root" and the password will be the one you set in the first step. After entering the password the system will start normally.
How to remove the password
If for some reason you no longer want to use this password just back up the configuration file we made in step 3:
sudo cp /etc/grub.d/40_custom.old /etc/grub.d/40_custom
And then update GRUB:
sudo grub-mkconfig -o /boot/grub/grub.cfg
_____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here. Founder of blog and channel Diolinux, passionate about technology and games.