Product SiteDocumentation Site

2.2. Physical Security

Physical security of the system is of utmost importance. Many of the suggestions given here won't protect your system if the attacker has physical access to the system. Physical access doesn't necessarily mean that the battle is lost, however. Strengthening your BIOS and boot software can help defend your system against certain types of attacks.
Configuring the BIOS to disable booting from CDs/DVDs, floppies, and external devices, can prevent bypassing the boot partition and the boot loader where other protections are in place. It is important to password-protect your BIOS settings so that an attacker cannot just change these, and other, settings. Next, set a password for the GRUB bootloader. Use the grub2-mkpasswd-pbkdf2 to create your password hash. This prevents users from entering single user mode or changing settings at boot time.