diff --git a/benchmarks/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.md b/benchmarks/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.md
index 21119b527caccdefb55205f03c154c39734904af..61b46d5576a667e33c0deef2166120b6458075be 100644
--- a/benchmarks/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.md
+++ b/benchmarks/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.md
@@ -25,8 +25,8 @@ grub 文件包含启动信息和 bootloader 密码信息。grub2 的配置通常
 # [ -f /boot/grub2/grubenv ] && chmod og-rwx /boot/grub2/grubenv
 # [ -f /boot/grub2/user.cfg ] && chown root:root /boot/grub2/user.cfg
 # [ -f /boot/grub2/user.cfg ] && chmod og-rwx /boot/grub2/user.cfg
-# [ -f /boot/efi/EFI/anolis/grubenv ] && chown root:root /boot/efi/EFI/anolis/grubenv
-# [ -f /boot/efi/EFI/anolis/grubenv ] && chmod og-rwx /boot/efi/EFI/anolis/grubenv
+# osID=$(cat /etc/os-release | grep -Pi "^ID=" | cut -f2 -d= | sed -rn "s/\"//gp") ; [ -f /boot/efi/EFI/$osID/grubenv ] && chown root:root /boot/efi/EFI/$osID/grubenv
+# osID=$(cat /etc/os-release | grep -Pi "^ID=" | cut -f2 -d= | sed -rn "s/\"//gp") ; [ -f /boot/efi/EFI/$osID/grubenv ] && chmod og-rwx /boot/efi/EFI/$osID/grubenv
 ```
 
 2. 如为 UEFI 模式,则需编辑`/etc/fstab`文件,添加以下参数:
diff --git a/remediation-kits/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh b/remediation-kits/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh
index 0689338b748ad25542cacf224e228a8339e1e87f..fb2091f39ff2068fd8856bdee4803e1e76547975 100644
--- a/remediation-kits/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh
+++ b/remediation-kits/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh
@@ -1,6 +1,10 @@
+osID=$(cat /etc/os-release | grep -Pi "^ID=" | cut -f2 -d= | sed -rn "s/\"//gp")
+
 [ -f /boot/grub2/grub.cfg ] && chown root:root /boot/grub2/grub.cfg;
 [ -f /boot/grub2/grub.cfg ] && chmod og-rwx /boot/grub2/grub.cfg;
 [ -f /boot/grub2/grubenv ] && chown root:root /boot/grub2/grubenv;
 [ -f /boot/grub2/grubenv ] && chmod og-rwx /boot/grub2/grubenv;
 [ -f /boot/grub2/user.cfg ] && chown root:root /boot/grub2/user.cfg;
-[ -f /boot/grub2/user.cfg ] && chmod og-rwx /boot/grub2/user.cfg;
\ No newline at end of file
+[ -f /boot/grub2/user.cfg ] && chmod og-rwx /boot/grub2/user.cfg;
+[ -f /boot/efi/EFI/$osID/grubenv ] && chown root:root /boot/efi/EFI/$osID/grubenv
+[ -f /boot/efi/EFI/$osID/grubenv ] && chmod og-rwx /boot/efi/EFI/$osID/grubenv
\ No newline at end of file
diff --git a/scanners/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh b/scanners/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh
index 201de146698d5363745d6c4e0c11d245188d1a31..9d6a13cf15cca257a0bab3e66229395b6eed3b26 100644
--- a/scanners/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh
+++ b/scanners/system-configurations/4.11-ensure-permissions-on-bootloader-config-are-configured.sh
@@ -1,7 +1,10 @@
 #!/usr/bin/env bash
+osID=$(cat /etc/os-release | grep -Pi "^ID=" | cut -f2 -d= | sed -rn "s/\"//gp")
+
 [[ -f /boot/grub2/grub.cfg ]] && file_path='/boot/grub2/grub.cfg'
 [[ -f /boot/grub2/grubenv ]] && file_path=$file_path' /boot/grub2/grubenv'
 [[ -f /boot/grub2/user.cfg ]] && file_path=$file_path' /boot/grub2/user.cfg'
+[[ -f /boot/efi/EFI/$osID/grubenv ]] && file_path=$file_path" /boot/efi/EFI/$osID/grubenv"
 result=0
 if [[ -n $file_path ]] ; then
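Review bot: On the two new `/boot/efi/EFI/$osID/grubenv` lines of the remediation kit, `$osID` is empty whenever `/etc/os-release` lacks an `ID=` key and is expanded unquoted inside single-bracket `[ -f … ]` and in the chown/chmod arguments, so an empty or space-containing value either silently skips the file or breaks the test; guard and quote it, e.g. `osID=$(sed -n 's/^ID=//p' /etc/os-release | tr -d '"')` followed by `[ -n "$osID" ] && [ -f "/boot/efi/EFI/$osID/grubenv" ] && chown root:root "/boot/efi/EFI/$osID/grubenv"` (and the same for the chmod line). The vendor directory under `/boot/efi/EFI` is also not guaranteed to equal the os-release `ID` (RHEL, as far as I recall, ships `EFI/redhat` with `ID=rhel`), and a mismatch is indistinguishable from "file absent", so the fallback to the previous hard-coded `anolis` path is lost without any warning. More fundamentally, when `/boot/efi` is the ESP mounted as vfat, per-file chown/chmod cannot take effect — ownership and mode come from the `uid`/`gid`/`fmask`/`dmask` mount options that the benchmark text in this same commit directs the reader to set in `/etc/fstab` — so on such systems these two lines are expected to fail or be a no-op and the scanner will keep reporting the finding; the script should apply or at least verify those fstab options rather than chmod the file. Minor: `grep -Pi` is both case-insensitive and PCRE-dependent, neither of which the uppercase `ID=` key needs, and the new lines drop the trailing `;` the rest of the file uses.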