That's true in principle, but it requires the time, tools and privacy to open the case and remove the media. In practice the ability to caually boot an alternative OS (from a USB stick, say) is a hole worth plugging in a lot of cases. This can be done easily enough with a BIOS password, but the problem is that GRUB's default configuration defeats this by allowing the user direct control over booting. I don't think it's insane, though you're right that this can't produce a "secure" installation.
the guide fails to mention the uninstallation method, which consists of booting off of a USB pen drive and removing the line that was just added. passworded bios? insert the hard drive in another machine instead.
this also doubles as the method in which this "security" measure would be defeated.
5 comments
[ 4.1 ms ] story [ 38.6 ms ] threadthis also doubles as the method in which this "security" measure would be defeated.
Personally, I use full disk encryption, but I keep the boot partition and boot loader on an external USB drive that never leaves my side. More details on my blog here: https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sop...