Support locking down grub with a password

[marineam]

From email:

I am using coreos on vSphere ESXi and I'm trying to prevent edits to grub menu entries.
One of the use cases is to prevent a user with access to console from setting coreos.autologin.

After securing grub (/usr/share/oem/grub.cfg) with a password, I'm noticing that even executing the menu entries requires authentication.
I'm looking to secure grub such that editing via grub menu is prevented but executing is not. In other words, I should be able to boot to coreos without having to authenticate.

After some further digging, perhaps the grub menu entries are missing a --unrestricted option?

Restricting access to editing the command line would also be applicable to systems locked down by secure boot.

[jhawkins1]

Any timeline on when this issue may get resolved? If this just needs a Developer to do the fix, we can do this and request a pull.

[bgilbert]

This should be fixed in 1786.0.1, due shortly. Thanks for reporting.