5 comments

[ 4.1 ms ] story [ 38.6 ms ] thread
If someone has physical access to a computer, this isn't securing anything.
That's true in principle, but it requires the time, tools and privacy to open the case and remove the media. In practice the ability to caually boot an alternative OS (from a USB stick, say) is a hole worth plugging in a lot of cases. This can be done easily enough with a BIOS password, but the problem is that GRUB's default configuration defeats this by allowing the user direct control over booting. I don't think it's insane, though you're right that this can't produce a "secure" installation.
the guide fails to mention the uninstallation method, which consists of booting off of a USB pen drive and removing the line that was just added. passworded bios? insert the hard drive in another machine instead.

this also doubles as the method in which this "security" measure would be defeated.

If someone has physical access, the only effective barrier is full-disk encryption.