Bootloader Password On Fedora 19

[Bryce Hardy]

The new Anaconda installer still doesn't allow for the creation of a bootloader password during installation, so I'm trying to figure out how to do this on a running system.

Section 2.3 of the Fedora 19 Security Guide openly admits to being deprecated, so I am trying to use it to somehow piece together the actual procedure. Here is the full direct quote from that section:

>>Physical security of the system is of utmost importance. Many of the suggestions given here won't
>>protect your system if the attacker has physical access to the system.
>>
>>Important! This section contains information regarding GRUB Legacy and not the current release of GRUB
(also known as GRUB2).
>>
>>Configure the BIOS to disable booting from CDs/DVDs, floppies, and external devices, and set a
>>password to protect these settings. Next, set a password for the GRUB bootloader. Generate a
>>password hash using the command /sbin/grub-md5-crypt. Add the hash to the first line of /etc/grub.conf using password --md5 'passwordhash'. This prevents >>users from entering single user mode or changing settings at boot time.

OK, so from this I found that there is no grub-md5-crypt command, but there is a /bin/grub2-mkpasswd-pbkdf2 command. So the first question is whether this is the one we want.

The second question is what to do with the generated password hash. There is no /etc/grub.conf, and the quoted command "password --md5 'passwordhash'" returns an error.

I'm at my limit here of trying to figure this out, so if anyone can help it would be much appreciated. Thanks in advance.

-- 
Bryce Hardy