Basic authentication support has been merged in SVN trunk revision 2529 (2009-08-25)
Example grub.cfg snippet:
set superusers="user1"
password user1 password1
password user2 password2
menuentry "GNU/Linux" {
set root=(hd0,1)
linux /vmlinuz
}
menuentry "Windows" --users user2 {
set root=(hd0,2)
chainloader +1
}
Superusers must be set to enable authentication support.
Every superuser can go to the command line, edit menu entries and execute all menu entries.
GNU/Linux can be booted by any user.
Windows can be only booted by user2 and user1 who is a superuser.
password command only supports unencrypted plain text passwords.
Note that there currently is not yet any support for this in grub-mkconfig. So you have to create or modify the scripts in /etc/grub.d/ yourself.
As of Bazaar r2037 (2010-01-07) PBKDF2 passwords are supported. To use them you have to first hash your password using:
grub-mkpasswd-pbkdf2 [-c iteration count] Larger iteration counts result in better hashes but they take longer to proceed. grub-mkpasswd-pbkdf2 requests password and outputs hash on standard output.
Enter password: Reenter password: Your PBKDF2 is grub.pbkdf2.sha512.10000.9290F727ED06C38BA4549EF7DE25CF5642659211B7FC076F2D28FEFD71784BB8D8F6FB244A8CC5C06240631B97008565A120764C0EE9C2CB0073994D79080136.887CFF169EA8335235D8004242AA7D6187A41E3187DF0CE14E256D85ED97A97357AAA8FF0A3871AB9EEFF458392F462F495487387F685B7472FC6C29E293F0A0
The password I entered was "hello". Then you do the same as previously just you replace password with password_pbkdf2
password_pbkdf2 user3 grub.pbkdf2.sha512.10000.9290F727ED06C38BA4549EF7DE25CF5642659211B7FC076F2D28FEFD71784BB8D8F6FB244A8CC5C06240631B97008565A120764C0EE9C2CB0073994D79080136.887CFF169EA8335235D8004242AA7D6187A41E3187DF0CE14E256D85ED97A97357AAA8FF0A3871AB9EEFF458392F462F495487387F685B7472FC6C29E293F0A0
Due to wiki rendering it was split but it should be all in a single line.
Please remember that usual GPL disclaimer applies.