Password protection on the boot loader configuration ensures that users with physical access cannot trivially alter important boot loader settings. These include which kernel to use and whether to enter single-user mode.
Check
Verify the boot loader superuser password is required using the following command:
$ grep password /etc/grub2.cfg
password_pbkdf2 superman ${GRUB2_PASSWORD}
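The grep above also matches commented-out lines and GRUB's cleartext "password" directive, so a match alone does not prove a hashed password is enforced. The following script is an added example, not part of the original check text; it classifies the directives instead. The function names, result labels and sample configs are constructed for illustration, and accepting an inline grub.pbkdf2. hash alongside the ${GRUB2_PASSWORD} form shown above is an assumption.

```shell
#!/bin/sh
# Added example: classify the password directives in a GRUB 2 config.
# Prints PASS, FAIL_NO_PASSWORD, FAIL_PLAINTEXT, FAIL_MALFORMED or FAIL_UNREADABLE.
check_grub_password() {
    [ -r "$1" ] || { echo "FAIL_UNREADABLE"; return 2; }
    awk '
        /^[ \t]*#/ { next }                   # ignore commented-out lines
        $1 == "password" { plain++ }          # "password" stores cleartext
        $1 == "password_pbkdf2" {
            # Accept the variable form from the check or an inline PBKDF2 hash.
            if ($3 == "${GRUB2_PASSWORD}" || $3 ~ /^grub\.pbkdf2\./) hashed++
            else malformed++
        }
        END {
            if (plain)     { print "FAIL_PLAINTEXT";   exit 1 }
            if (malformed) { print "FAIL_MALFORMED";   exit 1 }
            if (!hashed)   { print "FAIL_NO_PASSWORD"; exit 1 }
            print "PASS"
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real system).
write_samples() {
    cat > "$1/good.cfg" <<'EOF'
set superusers="superman"
password_pbkdf2 superman ${GRUB2_PASSWORD}
EOF
    cat > "$1/plain.cfg" <<'EOF'
set superusers="superman"
password superman CONSTRUCTED-CLEARTEXT
EOF
    cat > "$1/none.cfg" <<'EOF'
# password_pbkdf2 superman ${GRUB2_PASSWORD}
set timeout=5
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in good plain none; do
    printf '%s: %s\n' "$f.cfg" "$(check_grub_password "$tmp/$f.cfg")"
done
rm -rf "$tmp"
```

Note that none.cfg would still produce a match for "grep password" because of its commented-out line, which is why the script skips comments before counting directives.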
Verify the boot loader superuser password has been set and the password is encrypted using the following command: