I was helping a friend replacing the battery and thermal paste on his System 76 laptop. Never own one before but I notice it runs a special BIOS version, Coreboot. It turns out there are Coreboot and Lireboot. .These help to boot really fast though.
Anyway, I notice there are no password BIOS lock like on Lenovo. How would this protect against someone plug a USB in and just wipe my drive? On Lenovo you can set a supervisor / boot passwords, and you can remove USB drives from the boot list.
Ironically it’s also the best way to make sure your data isn’t leaked when selling drives second hand.
Full encrypt it, roll the key, and now you have a drive with no readable content for sale.
When the next person come along they will likely ignore the password and do their own thing.
Wouldn’t something like DBAN do the same thing but with less operations on the drive?
For spinning rust drives, yes. But for SSD no. Because of how the SSD store data it isn’t guaranteed to be overwritten.