You can generate a password hash to protect the boot menu by using the grub2-mkpasswd-pbkdf2 command. On Ubuntu, the command to create a password hash is grub-mkpasswd-pbkdf2. On CentOS, the command is grub2-mkpasswd-pbkdf2.
If you encounter the below error while running the grub2-mkpasswd-pbkdf2 command:
grub2-mkpasswd-pbkdf2: command not found
you may try installing the below package:
# dnf install grub2-tools-minimal-1
1. The first thing you’ll do is create a password hash for your new users:
On Ubuntu, use the following command:
# grub-mkpasswd-pbkdf2
On CentOS, use the following command:
# grub2-mkpasswd-pbkdf2
2. Next, open the /etc/grub.d/40_custom file in your text editor and add a line for your new user, along with the password hash that you just created. The line should look something like this:
password_pbkdf2 goldie grub.pbkdf2.sha512.10000.225205CBA2584240624D077ACB84E86C70349BBC00DF40A219F88E5691FB222DD6E2F7765E96C63C4A8FA3B41BDBF62DA1F3B07C700D78BC5DE524DCAD9DD88B.9655985015C3BEF29A7B8E0A6EA42599B1152580251FF99AA61FE68C1C1209ACDCBBBDAA7A97D4FC4DA6984504923E1449253024619A82A57CECB1DCDEE53C06
Note that this is all one line that wraps around on the printed page.
3. Next, you’re supposed to run a utility that will read all of the files in the /etc/grub.d/ directory, along with the /etc/default/grub file. This will rebuild the grub.cfg file.