grub2-mkpasswd-pbkdf2 - can it accept standard input?

On CentOS 6 we currently encrypt the grub password using the password --md5 option and we are able to script this into our standard server build.

We are busy migrating to CentOS 7 and it appears that the password --md5 option has been removed in grub2 and replaced with grub2-mkpasswd-pbkdf2.

Although I welcome the improved security, I can't find a way to pass a password to the grub2-mkpasswd-pbkdf2 command via standard input, and it appears that grub2 has removed support for md5, the combination of which breaks our script building automation.

Can anyone possibly help with:

1. A way to pass a password to grub2-mkpasswd-pbkdf2 via standard input?; or
2. An alternative pbkdf2 generation utility to grub2-mkpasswd-pbkdf2 that accepts standard input?; or
3. A mechanism for using --md5 with grub2?

I recently wrote a tool to do just this -- namely, to be able to more easily generate GRUB2 hashes non-interactively, and to be able to do so on RHEL6. It's on GitHub.

• burg2-mkpasswd-pbkdf2: Non-interactively generate GRUB2-compatible PBKDF2 hashes from the cmdline with python

In the readme you'll also see explanation of how to use the standard grub2-mkpasswd-pbkdf2 to generate hashes non-interactively by piping the password twice with newline.