GRUB: Password protection

Plain text passwords
To protect grub with a password put the command 'password YOUR_PASSWORD' somewhere in the beginning of, like this:

This will disable all the options except 'boot' unless you press 'p' to enter the password. But if you have clever users they figure of the password quite easy by booting the OS and reading the password.

Encrypted passwords
As you can see in the sample it is similar to the last sample except we specified "--md5" and wrote the checksum instead of the plaintext one. To get the md5 checksum of the password you can start the grub command-line tool and run 'md5'

Loading a new menu
You can load new entries when you typed the correct password. Just specify the name to the new menu after the 'password' command. After typing the password grub will reload itself with the new file.

Protect entries from being booted
The 'lock' command will fail until a valid password has been entered. If the user hasn't entered one he/she won't be able to continue the execution of the entry. Place it right after the 'title' command

Also note that this is useless unless the 'password' command is used.

Links

 * http://www.gnu.org/software/grub/manual/grub.html (password, lock, md5crypt)