To change the GRUB password on senhasegura VMs, a specific command must be executed to generate the hash of the new password and then change its value in the GRUB configuration file.
This process should be done with the utmost caution, as any configuration error can lead to the unavailability to boot the operating system and result in the unavailability of the machine.
1. GRUB Password Change
1.1 Creating the New GRUB Password
To create the new GRUB password, execute the following command:
# grub-mkpasswd-pbkdf2
This command will prompt the user to enter the new password. As shown in Figure 1, the output of this command is the hash corresponding to the entered password, and this hash must be collected as it will be used in the rest of the configuration. Note that the hash to be copied starts with grub.pbkdf2.
Figure 1: Output of the grub-mkpasswd-pbkdf2 command.
1.2 Editing the GRUB Configuration File
With the password hash generated and copied, open the /etc/grub.d/40_custom file to change the password.
# vim /etc/grub.d/40_custom
The field to be changed, as indicated in Figure 2, is in the following format:
Figure 2: /etc/grub.d/40_custom file opened.
Figure 3: Modified hash field.
1.3 Applying the GRUB Configuration
Once the hash is changed within the configuration file, run the following command, as shown in Figure 4, to apply the changes made:
# grub-mkconfig -o /boot/grub/grub.cfg
Figure 4: Expected output.
1.4 Finalization
After applying the new configuration, reboot the machine and test whether the change was successful. To test, access the client’s virtualizer console and, on the GRUB boot screen, press the “E” key or select the “Advanced options for senhasegura…” line. Both options will ask for the user and password to be accessed, as shown in Figures 5 and 6.
Figure 5: GRUB screen.
Figure 6: GRUB access.
Reminder: Execute this process with extreme caution. Any configuration error can result in the failure to boot the operating system and lead to machine unavailability.