USB security dongle

[scutiform]

After having a new laptop stolen, I would like to put a USB stick into one of the USB ports so that the new laptop would not boot up unless the USB stick is present – like a security dongle. Can I put a copy of the menu.lst file onto the USB stick and get it to initialize the boot from there? There is no problem getting the laptop to boot from a USB device, and I can password lock the boot sequence etc. I have user name/password in use as well, but I would feel a lot more happy if the machine was completely in-accessible to anybody but me. (I would have a few copies of the dongle put away in case I lost the one in use. No point in loosing all the keys to the house!!)

[coopstah13]

if someone has physical access to the machine, it isn't difficult to reset the BIOS password to be able to modify boot sequence, I would say your best bet is to use a distro that allows you to encrypt the data on your disk

[HROAdmin26]

Moving /boot to a USB device will only prevent the system from booting. Someone using another LiveUSB OS could boot, mount, and read your data. So as Coopstah mentioned, you should consider why you want to move /boot to USB.

If you want to encrypt *everything* on the internal drive and move /boot to USB, here is a nice article Linux Magazine did on just this topic. I have used a similiar process several times.

[learz]

Thinkpads can do this, but its done with hardware

setting Power on password

Additional chip then can password lock the bios.

If you forget the password, you're up for a new system board as not covered by warranties

[scutiform]

I'm not sure if the fence used by my local burglar would have a live USB, a live CD or even know what Linux is. If they switch it on and it doesn't work they are more likely to dump it, and Mr Burglar won't get any money for it.