BIOS/UEFI and Bootloader Passwords
If an intruder has access to the BIOS/UEFI, they can boot into rescue or single user mode, which in turn allows them to start arbitrary processes on the system or copy sensitive data.
Therefore, if unauthorized persons may gain physical access to your machine
Enable BIOS/UEFI passwords.
The system uses the GRUB boot loaded which can be accesses during startup. The boot loader interface also allows a user to boot into unprotected single user mode. To prevent this
Password protect the Linux boot loader.