2

I have all my grub options protected by password except for the default Ubuntu option. This is done by adding "--unrestricted" to the boot option in /boot/grub/grub.cfg as explained here:

https://wiki.archlinux.org/index.php/GRUB/Tips_and_tricks#Password_protection_of_GRUB_edit_and_console_options_only

The problem is each time grub2 is updated the "--unrestricted" parameter disappears and I have to add it again. Is there any way to make this permanent?

Thank you!

Tux
  • 163

1 Answer

3

You have to edit the scripts that generate /boot/grub/grub.cfg, not that file itself.

For the Ubuntu entry, check out /etc/grub.d/10_linux and search for the lines that output menuentry. The relevant part on my system looks like this:

      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
  else
      echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
  fi

I think the first of those (with echo "$title") should be used for all "Advanced options" whereas the second line (with echo "$os") seems to be responsible for the "normal" Ubuntu entry.

You can insert additional options in here, so that the correct menuentry line gets printed as you want it to appear in the grub.cfg file.

Don't forget to run sudo update-grub afterwards to regenerate the config from your changed scripts.

Byte Commander
  • 107,489
  • Ok! If I put "--unrestricted" just before ${CLASS} in those 2 lines, will it affect only default boot option, or all boot options? – Tux Oct 29 '18 at 15:01
  • 1
    Good question. From examining the scripts and output more closely, I think the first of those (with echo "$title") should be used for all "Advanced options" whereas the second line (with echo "$os") seems to be responsible for the "normal" Ubuntu entry. – Byte Commander Oct 29 '18 at 20:27
  • I tested and it works! Now only the default Ubuntu menu entry can boot without password, the other menu entries, "edit" and "console" stay password protected :) – Tux Oct 30 '18 at 08:49
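
A way to re-check the result reported in the last comment after every `update-grub` run, given as an added example that is not part of the original thread: the script audits a generated grub.cfg and fails unless `superusers` is set and the default `gnulinux-simple-*` entry is the only one carrying `--unrestricted`. The function names and the embedded sample config (with placeholder UUID, kernel version and hash) are constructed for illustration; the `superusers` check goes beyond the thread and rests on the fact that GRUB only enforces passwords when that variable is set.

```shell
#!/bin/sh
# Added example: audit a generated grub.cfg after update-grub.
# Passes only if superusers is set and exactly one entry, the default
# "gnulinux-simple-*" one, carries --unrestricted.
audit_grub_cfg() {
    awk '
    /^[ \t]*set[ \t]+superusers=/ { su = 1 }
    /^[ \t]*(menuentry|submenu)[ \t]/ {
        total++
        if ($0 !~ /--unrestricted/) next
        if ($0 ~ /gnulinux-simple-/) { ok++; next }
        bad++
        print "unexpected unrestricted entry: " $0
    }
    END {
        if (!su) print "superusers is not set: no entry is password protected"
        printf "%d entries, %d default unrestricted, %d unexpected\n", total, ok, bad
        exit ((su && ok == 1 && bad == 0) ? 0 : 1)
    }' "$1"
}

# Constructed sample (shortened, placeholder values), shaped like update-grub
# output after --unrestricted was added to the "$os" menuentry line in 10_linux.
write_sample_cfg() {
    cat > "$1" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Ubuntu' --unrestricted --class ubuntu --class os $menuentry_id_option 'gnulinux-simple-UUID' {
	linux /vmlinuz root=UUID=UUID ro quiet splash
}
submenu 'Advanced options for Ubuntu' $menuentry_id_option 'gnulinux-advanced-UUID' {
	menuentry 'Ubuntu, with Linux X.Y.Z-generic' --class ubuntu --class os $menuentry_id_option 'gnulinux-X.Y.Z-generic-advanced-UUID' {
		linux /vmlinuz-X.Y.Z-generic root=UUID=UUID ro quiet splash
	}
	menuentry 'Ubuntu, with Linux X.Y.Z-generic (recovery mode)' --class ubuntu --class os $menuentry_id_option 'gnulinux-X.Y.Z-generic-recovery-UUID' {
		linux /vmlinuz-X.Y.Z-generic root=UUID=UUID ro recovery nomodeset
	}
}
EOF
}

# Usage: sh audit.sh /boot/grub/grub.cfg   (no argument: audit the sample)
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp) && write_sample_cfg "$cfg"
fi
audit_grub_cfg "$cfg"
```

Run against /boot/grub/grub.cfg, a non-zero exit status means either the `--unrestricted` edit was lost from the generated file or it leaked onto an entry that should stay password protected.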