Nowadays I'd say it's hard to believe that anything is really secure.
Nevertheless one can keep going adding more and more barriers.
The idea is not to be selected as an easier path to attack.
But again, if someone is determined who can tell...
Despite this gave introduction, my goal is to repeat one known tiny bit:
Help preventing unauthorized GRUB configuration change by adding a password.
The method below isn't for GRUB2 (the next generation), but for the older version.
Locate the grub menu file where to configure the password:
# bootadm list-menu
the location ... is: /rpool/boot/grub/menu.lst
default 4
timeout 15
...
Invoke the grub binary to create the password.
Take note of the resulting encrypyted hash.
# /boot/grub/bin/grub
GNU GRUB version 0.97 (640K lower / 65536K upper memory)
[ ...
...
... ]
grub> md5crypt
Password: ***************
Encrypted: $1$...
grub> quit
Edit the grub menu file and include the generated password hash as shown below:
# head -7 /rpool/boot/grub/menu.lst
splashimage /boot/grub/splash.xpm.gz
foreground 343434
background F7FbFF
default 4
timeout 15
password --md5 $1$...
#---------- ADDED BY BOOTADM - DO NOT EDIT ----------
...
That's all what's need for GRUB1.
For GRUB2 I'm still trying to learn how to do it.