In VMware Aria Automation 8.18.x, the GRUB bootloader menu, which streamlines the boot process, can be edited for temporary use only, such as resetting or updating the root password.
Aria Automation 8.18.x
By default, the GRUB menu appears during the boot sequence, requiring manual intervention or a timeout period before the OS loads.
Editing the GRUB menu in VMware Aria Automation (vRA) is a standard security hardening recommendation, especially in environments that follow compliance frameworks such as STIGs or CIS benchmarks.
-----------------
Note: Based on Broadcom support documentation, editing the Photon OS GRUB menu is generally supported for troubleshooting (only for resetting root passwords or fixing file system errors), but modifying the configuration permanently via grub2-mkconfig is not supported.
The GRUB menu can be edited:
- to change or reset the root password
- to hide the GRUB menu during the boot process
or
- to increase the time that the GRUB menu is displayed on the boot screen
The steps to modify the appliance configuration:
a. Snapshot: Create a virtual machine snapshot of the VMware Aria Automation appliance.
b. Access: Log in to the appliance as root via SSH or the console.
c. Edit Configuration: Open the GRUB default configuration file:
vi /etc/default/grub
d. Modify Parameters: Update the following lines:
Change GRUB_TIMEOUT=X to GRUB_TIMEOUT=0.
Ensure GRUB_TERMINAL_OUTPUT="console" is present to maintain standard console output.
To keep the GRUB menu on the screen longer during the boot process, set GRUB_TIMEOUT to a larger value that matches the desired time period.
e. Apply Changes: Regenerate the GRUB configuration file by running:
grub2-mkconfig -o /boot/grub2/grub.cfg
f. Reboot: Restart the appliance to confirm the menu is bypassed or displayed for the desired time period.
Logs: If you encounter boot issues, refer to the serial console logs for troubleshooting.
Note:
Editing the GRUB menu to make permanent modifications is not supported by Broadcom.
It is recommended to contact Broadcom if you need to edit the GRUB menu for other security purposes.
The following are other reasons for editing the GRUB menu:
1. Security Hardening
a. An unsecured GRUB menu allows an attacker to edit the boot command line (pressing 'e') and append init=/bin/bash or single to boot directly into a root shell without a password.
b. Preventing Kernel Argument Tampering: Unauthorized users can alter kernel arguments to bypass security policies, mount systems in read-write mode, or disable security modules.
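A read-only check for the GRUB_TIMEOUT and GRUB_TERMINAL_OUTPUT settings from the configuration steps and for the kernel arguments named in item 1, as an added example that is not part of the original article or of Broadcom's tooling. The function names, the sample file contents and the sample kernel command line are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit; it changes nothing on the appliance.

# Print the effective (last) value of KEY ($2) in a GRUB defaults file ($1),
# with quotes and trailing whitespace removed.
grub_default_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//' | tr -d "\"'"
}

# Compare the file ($1) with the timeout the operator intends ($2; 0 hides the
# menu). Returns 0 when both settings match the configuration steps, 1 otherwise.
audit_grub_defaults() {
    file=$1; want_timeout=$2; rc=0
    timeout=$(grub_default_value "$file" GRUB_TIMEOUT)
    term=$(grub_default_value "$file" GRUB_TERMINAL_OUTPUT)
    if [ "$timeout" != "$want_timeout" ]; then
        echo "FAIL GRUB_TIMEOUT=${timeout:-<unset>} (expected $want_timeout)"; rc=1
    fi
    if [ "$term" != "console" ]; then
        echo "FAIL GRUB_TERMINAL_OUTPUT=${term:-<unset>} (expected console)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $file"
    return "$rc"
}

# Flag the kernel arguments the article warns about: an init= override or
# single-user mode. Pass the contents of /proc/cmdline or a logged copy ($1).
cmdline_suspicious() {
    for arg in $1; do
        case $arg in
            init=*|single) echo "SUSPICIOUS kernel argument: $arg"; return 0 ;;
        esac
    done
    return 1
}

# Constructed sample input (not taken from a real appliance).
sample=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_TIMEOUT=0' \
    'GRUB_TERMINAL_OUTPUT="console"' > "$sample"
audit_grub_defaults "$sample" 0
cmdline_suspicious 'BOOT_IMAGE=/boot/vmlinuz root=/dev/sda4 ro init=/bin/bash' || true
rm -f "$sample"
# On the appliance: audit_grub_defaults /etc/default/grub 0
#                   cmdline_suspicious "$(cat /proc/cmdline)"
```

Running the cmdline check after every reboot, for example from a monitoring job, records whether the appliance came up with arguments other than the ones in its boot configuration.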
2. Streamlining Production Environments:
Faster Boot Times: In a production Linux environment (specifically with automated deployment tools like Aria Automation), you want servers to boot immediately without waiting for a user to select an option. Setting the GRUB_TIMEOUT to 0 or hidden skips this delay.
3. Consistency with Automation (Aria Automation)
"Set and Forget" Approach: In automation workflows, servers are designed to be deployed and managed without manual intervention. Disabling the menu ensures that if a server reboots, it automatically reboots into the correct state, rather than waiting for input.