I was helping a friend replacing the battery and thermal paste on his System 76 laptop. Never own one before but I notice it runs a special BIOS version, Coreboot. It turns out there are Coreboot and Lireboot. .These help to boot really fast though.
Anyway, I notice there are no password BIOS lock like on Lenovo. How would this protect against someone plug a USB in and just wipe my drive? On Lenovo you can set a supervisor / boot passwords, and you can remove USB drives from the boot list.
When the drive in encrypted, you need a (very very long) encryption key to read it. Otherwise, the data is obfuscated and can’t be read by bad actors. This encryption key is essentially impossible for (non-quantum) computers to crack as it would take too long
Ironically it’s also the best way to make sure your data isn’t leaked when selling drives second hand.
Full encrypt it, roll the key, and now you have a drive with no readable content for sale.
When the next person come along they will likely ignore the password and do their own thing.
Wouldn’t something like DBAN do the same thing but with less operations on the drive?
For spinning rust drives, yes. But for SSD no. Because of how the SSD store data it isn’t guaranteed to be overwritten.
Even quantum computers will not be able to break AES fast enough