How to password protect grub with Debian, Ubuntu and Kali Linux

Hello everyone!
Running Linux Os and think you have secured it with a user password to restrict access?
This is not the case, as someone can easily change your user password using grub, compromising the security of the system. So how do we contain it?
You have to set the grub password and this is the method.
Edit file:


Create a password by typing:

# grub-mkpasswd-pbkdf2

Enter the required password.

As shown in the screenshot below, this will generate a long, encrypted password.

Copy the entire generated code
Use vi or leafpad for example to edit the file /etc/grub.d/00_header

# vi /etc/grub.d/00_header


# sudo leafpad /etc/grub.d/00_header

Go to the end of the file, on vi, if you scroll to the end of the file on the leaf, use G to go to the end of the file.
Enter the following command;

cat << EOF
set superusers="username"
password_pbkdf2 username 'paste the generated code copied above here'

For example, in my case, check the screenshot

How to password protect grub with Debian, Ubuntu and Kali Linux

Save your changes and exit the editor with either command and update grub;

# update-grub


# grub-mkconfig -o /boot/grub/grub.cfg

To test the changes, reboot the system. If the above steps are completed successfully, after selecting the grub entry to launch, you will be prompted to enter your username and password. Enter these credentials and you can safely use your grub! !! !! !!

on the other hand,

In case you forgot your password or grub password is not working, this is the method to recover changes using a bootable bootable flash drive or DVD. Check out the link on how to make a bootable flash drive. After creating one, use it to boot the system.

Once launched, follow the steps given here.
Launch gparted to check the installation partition of the system OS (see screenshot of my case)

How to password protect grub with Debian, Ubuntu and Kali Linux

Use the following command to mount the Linux OS root partition

# sudo mount /dev/sda6 /mnt/
# cd /mnt/

Then type the following command as is:

# for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; 

Edit the file /etc/grub.d/00_header with the following command

vi /etc/grub.d/00_header

Delete the line added at the end, as shown in the following example,

cat << EOF
set superusers="Koromicha"
password_pbkdf2 Koromicha grub.pbkdf2.sha512.10000.0EF3409AFA03D25C3CFCC47EE7664B8BE6A9554D5D9ADBB9D78

Update grub

# update-grub

Use the following command to install grub in the master boot record (MBR)

# grub-install /dev/sda

Update grub again to implement the changes:

# update-grub

Restart the system, the grub password prompt is gone! !! !!