To provide an appropriate level of security, configure boot loader authentication on your VMware virtual appliances. If the system boot loader requires no authentication, users with console access to the system might be able to alter the system boot configuration or boot the system to single user or maintenance mode, which can result in denial of service or unauthorized system access.

Because boot loader authentication is not set by default on the VMware virtual appliances, you must create a GRUB password to configure it.


  1. Verify whether a boot password exists in the /boot/grub/grub.cfg file on your virtual appliances.
  2. If no password exists, run the /usr/bin/grub2-mkpasswd-pbkdf2 command on your virtual appliance.
    A password is generated, and the command supplies the hash output.
  3. Add following lines at the end of /etc/grub.d/40_custom.

    set superusers="root"

    password_pbkdf2 root <hash of password>

  4. Update the grub configuration by running the /usr/sbin/grub2-mkconfig -o /boot/grub/grub.cfg command.