
grub2-mkpasswd-pbkdf2 - can it accept standard input?


On CentOS 6 we currently encrypt the grub password using the password --md5 option and we are able to script this into our standard server build.

We are busy migrating to CentOS 7 and it appears that the password --md5 option has been removed in grub2 and replaced with grub2-mkpasswd-pbkdf2.

Although I welcome the improved security, I can't find a way to pass a password to the grub2-mkpasswd-pbkdf2 command via standard input, and it appears that grub2 has removed support for md5, the combination of which breaks our script building automation.

Can anyone possibly help with:

  1. A way to pass a password to grub2-mkpasswd-pbkdf2 via standard input?; or
  2. An alternative pbkdf2 generation utility to grub2-mkpasswd-pbkdf2 that accepts standard input?; or
  3. A mechanism for using --md5 with grub2?

Solution

  • I recently wrote a tool to do just this -- namely, to be able to more easily generate GRUB2 hashes non-interactively, and to be able to do so on RHEL6. It's on GitHub.

    In the readme you'll also see an explanation of how to use the standard grub2-mkpasswd-pbkdf2 to generate hashes non-interactively by piping the password twice with a newline.
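
For option 2 in the question, a PBKDF2 generator that reads the password from standard input can be built with the Python standard library alone. This is an added example, not the GitHub tool mentioned in the answer and not GRUB's own code; the function names are hypothetical, and it assumes the `grub.pbkdf2.sha512.<iterations>.<salt>.<hash>` output format with 10000 iterations, a 64-byte salt and a 64-byte key.

```python
#!/usr/bin/env python3
"""Added example: build a GRUB2 PBKDF2 hash from a password read on stdin."""
import hashlib
import hmac
import os
import sys

PREFIX = "grub.pbkdf2.sha512"


def grub2_pbkdf2(password, salt=None, iterations=10000, keylen=64):
    """Return 'grub.pbkdf2.sha512.<iter>.<SALT hex>.<KEY hex>' for password."""
    if salt is None:
        salt = os.urandom(64)  # assumed default salt length of the GRUB tool
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                              salt, iterations, keylen)
    return ".".join([PREFIX, str(iterations),
                     salt.hex().upper(), key.hex().upper()])


def verify(password, encoded):
    """Recompute the hash from the encoded parameters; constant-time compare."""
    parts = encoded.split(".")
    if len(parts) != 6 or ".".join(parts[:3]) != PREFIX:
        return False
    try:
        iterations = int(parts[3])
        salt = bytes.fromhex(parts[4])
        expected = bytes.fromhex(parts[5])
    except ValueError:
        return False
    if iterations < 1 or not expected:
        return False
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                              salt, iterations, len(expected))
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Read from stdin, not argv, so the password never shows up in `ps` output.
    pw = sys.stdin.readline().rstrip("\n")
    if not pw:
        sys.exit("empty password on stdin")
    encoded = grub2_pbkdf2(pw)
    assert verify(pw, encoded)  # self-check before the hash goes into a build
    print(encoded)
```

The printed string is the value that follows the user name in a GRUB2 `password_pbkdf2` line.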