Description of problem: grub2-set-password stores the resulting password in /boot/grub2/user.cfg. This is ok for legacy BIOS, but is not read in UEFI boot. In UEFI, the correct location would be /boot/efi/EFI/fedora/user.cfg. Version-Release number of selected component (if applicable): grub2-tools-minimal-1:2.06-95 How reproducible: always Steps to Reproduce: 1. make sure you have a system with UEFI boot 2. run grub2-set-password to set password 3. reboot 4. in grub menu, press 'e' to edit command line 5. observe that no password is asked Actual results: editing grub menu line does not require set password Expected results: editing grub menu line should require set password Additional info: running grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg does not change the situation, and is not necessary because the automatically generated grub.cfg already contains the necessary lines for reading the password and setting environment variable superusers
Hello, I'm not able to reproduce this behavior using described steps in VM Can you attach grub config files from /boot/efi/EFI/fedora/ and /boot/grub/ and output of "lsblk -aif" command, please?
Created attachment 1981495 [details] grub.cfg
Created attachment 1981496 [details] user.cfg
Created attachment 1981497 [details] output of lsblk
Please find attached - config file grub.cfg, which is identical in /boot/efi/EFI/fedora/ and /boot/grub2/ (note: my system has no directory /boot/grub, which you requested) - (redacted) config file user.cfg which, after running grub2-set-password exists only in /boot/grub2/ (the bug can be fixed by then copying this file by hand into /boot/efi/EFI/fedora/) - the output of "lsblk -aif". Note that there are no other ".cfg"-files in /boot/efi/EFI/fedora or /boot/grub/. Do these help?
Hi, Thanks for sending all of that along. We'll try to reproduce again asap.
(In reply to James from comment #5) > Please find attached > - config file grub.cfg, which is identical in /boot/efi/EFI/fedora/ and > /boot/grub2/ (note: my system has no directory /boot/grub, which you > requested) The two grub.cfg files in those directories should *not* be the same, and that's where your problem is coming from. Because you're using UEFI and your user.cfg is in /boot/grub2 (where it should be), it's not being found by the grub efi. As you discovered for yourself, moving user.cfg to /boot/efi/EFI/fedora fixes the problem. > - (redacted) config file user.cfg which, after running grub2-set-password > exists only in /boot/grub2/ (the bug can be fixed by then copying this file > by hand into /boot/efi/EFI/fedora/) > - the output of "lsblk -aif". > > Note that there are no other ".cfg"-files in /boot/efi/EFI/fedora or > /boot/grub/. > > Do these help? What you should have in /boot/efi/EFI/fedora is a stub config. Running grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg is most likely what created it in the first place. Please run grub2-mkconfig -o /etc/grub2.cfg instead if you need to. The way to fix this is to dnf reinstall grub2-common. That will regenerate the stub config for you, and everything should work. Please let us know if it does work (or not)! :)