diff --git a/apparmor.d/groups/grub/grub-bios-setup b/apparmor.d/groups/grub/grub-bios-setup
new file mode 100644
index 000000000..d6961bf9c
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-bios-setup
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/grub-bios-setup
+profile grub-bios-setup @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-bios-setup>
+}
+
diff --git a/apparmor.d/groups/grub/grub-editenv b/apparmor.d/groups/grub/grub-editenv
new file mode 100644
index 000000000..419e46c7b
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-editenv
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-editenv
+profile grub-editenv @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-editenv>
+}
+
diff --git a/apparmor.d/groups/grub/grub-file b/apparmor.d/groups/grub/grub-file
new file mode 100644
index 000000000..9ddea365b
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-file
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-file
+profile grub-file @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-file>
+}
+
diff --git a/apparmor.d/groups/grub/grub-fstest b/apparmor.d/groups/grub/grub-fstest
new file mode 100644
index 000000000..6258b4e44
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-fstest
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-fstest
+profile grub-fstest @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-fstest>
+}
+
diff --git a/apparmor.d/groups/grub/grub-glue-efi b/apparmor.d/groups/grub/grub-glue-efi
new file mode 100644
index 000000000..db59cefcd
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-glue-efi
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-glue-efi
+profile grub-glue-efi @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-glue-efi>
+}
+
diff --git a/apparmor.d/groups/grub/grub-install b/apparmor.d/groups/grub/grub-install
new file mode 100644
index 000000000..152ea426b
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-install
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/grub-install
+profile grub-install @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-install>
+}
+
diff --git a/apparmor.d/groups/grub/grub-kbdcomp b/apparmor.d/groups/grub/grub-kbdcomp
new file mode 100644
index 000000000..2760bd0a9
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-kbdcomp
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-kbdcomp
+profile grub-kbdcomp @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-kbdcomp>
+}
+
diff --git a/apparmor.d/groups/grub/grub-macbless b/apparmor.d/groups/grub/grub-macbless
new file mode 100644
index 000000000..24e269233
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-macbless
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/grub-macbless
+profile grub-macbless @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-macbless>
+}
+
diff --git a/apparmor.d/groups/grub/grub-menulst2cfg b/apparmor.d/groups/grub/grub-menulst2cfg
new file mode 100644
index 000000000..7a5f063fe
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-menulst2cfg
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-menulst2cfg
+profile grub-menulst2cfg @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-menulst2cfg>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mkdevicemap b/apparmor.d/groups/grub/grub-mkdevicemap
new file mode 100644
index 000000000..835093bfd
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mkdevicemap
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/grub-mkdevicemap
+profile grub-mkdevicemap @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mkdevicemap>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mkfont b/apparmor.d/groups/grub/grub-mkfont
new file mode 100644
index 000000000..fe5d5c4fa
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mkfont
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mkfont
+profile grub-mkfont @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mkfont>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mkimage b/apparmor.d/groups/grub/grub-mkimage
new file mode 100644
index 000000000..bd4729cfb
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mkimage
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mkimage
+profile grub-mkimage @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mkimage>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mklayout b/apparmor.d/groups/grub/grub-mklayout
new file mode 100644
index 000000000..d01086f59
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mklayout
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mklayout
+profile grub-mklayout @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mklayout>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mknetdir b/apparmor.d/groups/grub/grub-mknetdir
new file mode 100644
index 000000000..ea85f204f
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mknetdir
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mknetdir
+profile grub-mknetdir @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mknetdir>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2 b/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2
new file mode 100644
index 000000000..33ccfa78e
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mkpasswd-pbkdf2
+profile grub-mkpasswd-pbkdf2 @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mkpasswd-pbkdf2>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mkrescue b/apparmor.d/groups/grub/grub-mkrescue
new file mode 100644
index 000000000..252c1df4d
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mkrescue
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mkrescue
+profile grub-mkrescue @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mkrescue>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mkstandalone b/apparmor.d/groups/grub/grub-mkstandalone
new file mode 100644
index 000000000..b2be219c0
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mkstandalone
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mkstandalone
+profile grub-mkstandalone @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mkstandalone>
+}
+
diff --git a/apparmor.d/groups/grub/grub-mount b/apparmor.d/groups/grub/grub-mount
new file mode 100644
index 000000000..6ea7afefa
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-mount
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-mount
+profile grub-mount @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-mount>
+}
+
diff --git a/apparmor.d/groups/grub/grub-ntldr-img b/apparmor.d/groups/grub/grub-ntldr-img
new file mode 100644
index 000000000..766c505d1
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-ntldr-img
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-ntldr-img
+profile grub-ntldr-img @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-ntldr-img>
+}
+
diff --git a/apparmor.d/groups/grub/grub-reboot b/apparmor.d/groups/grub/grub-reboot
new file mode 100644
index 000000000..229aea9a2
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-reboot
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/grub-reboot
+profile grub-reboot @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-reboot>
+}
+
diff --git a/apparmor.d/groups/grub/grub-render-label b/apparmor.d/groups/grub/grub-render-label
new file mode 100644
index 000000000..3a0d5034b
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-render-label
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-render-label
+profile grub-render-label @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-render-label>
+}
+
diff --git a/apparmor.d/groups/grub/grub-set-default b/apparmor.d/groups/grub/grub-set-default
new file mode 100644
index 000000000..531beda94
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-set-default
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{s,}bin/grub-set-default
+profile grub-set-default @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-set-default>
+}
+
diff --git a/apparmor.d/groups/grub/grub-syslinux2cfg b/apparmor.d/groups/grub/grub-syslinux2cfg
new file mode 100644
index 000000000..bbbc94a7e
--- /dev/null
+++ b/apparmor.d/groups/grub/grub-syslinux2cfg
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/grub-syslinux2cfg
+profile grub-syslinux2cfg @{exec_path} flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} rm,
+
+  include if exists <local/grub-syslinux2cfg>
+}
+