A Linux installation can be simply hacked by using a live USB/CD, gaining root access on the live distro, chrooting to the target filesystem and running passwd root. One can use grub too. There may be some other methods as well.
What is the most efficient way of defending against hacking the installation from Live USB provided the system runs on an SSD drive (TRIM and encryption are said not to work well)?
Best Answer
Don't allow USB access.
Truth is that if someone has physical access to the machine, there's not a lot you can do. In this narrow case your best bet is to disable booting to USB and lock the BIOS (or whatever EFI setup utility is being used) with a password. It's a bit like putting a pad lock on a garage door, there are ways around it, but it's an easy step that keeps honest people honest.