GRUB2 password on Ubuntu in 3 steps

ubuntu_logo_81x81Enabling a GRUB2 password can lock your operating system from intruders even with physical access to your machine. Add to it a BIOS password lock and all removable bootable media disabled, your device is quite safe from any normal attacks. Here’s the procedure to add a password to your GRUB2 on Ubuntu. It is tested on Ubuntu Trusty on a UEFI laptop that doesn’t have secure boot feature. So adding a GRUB password works as an alternative security measure. All the steps should be run as root or sudoer.

  1. Generate the PBKDF2 hash of your password.
    # grub-mkpasswd-pbkdf2
    Enter password:
    Reenter password:
    PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.942F4587C48F7A...
  2. Edit /etc/grub.d/40_custom and add the following at the end of the file:
    set superusers="root"
    password_pbkdf2 root grub.pbkdf2.sha512.10000.942F4587C48F7A...
  3. Regenerate GRUB2 configuration
    # grub-mkconfig -o /boot/grub/grub.cfg

Note that you may need to use the following commands on a BIOS device:

# grub-mkpasswd-pbkdf2 [Step 1]
# grub2-mkconfig -o /boot/grub2/grub.cfg [Step 3]

To clear the password, edit /etc/grub.d/40_custom and delete the lines added in Step 2. Run the command in Step 3.


Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s