@acne said:Sure, but your bootloader is password protected against any non default kernel line, right? Or you might as well use an empty root password...And I know that any password may be changed without knowing it, but what if you get that dreaded "Enter root password or hit Ctrl+D to continue"? If access to the console is restricted, it's IMO not necessary to do protect the bootloader. On the other hand, in a very confidentional environment, you have to use encrypted filesystems as well, since someone with access to the console might as well take the harddisk out of the box and mount it on another computer.