While these are cool, I honestly wish GRUB was silent unless you’re holding a key during boot. The 5 seconds it takes to go away and just boot the OS by default is really unnecessary.
I think you can get that by setting `GRUB_TIMEOUT_STYLE=hidden` and `GRUB_TIMEOUT=0`. Then you can hold `Shift` to see the GRUB menu, otherwise it will boot the default option immediately.
Make sure this works on your system before you really need it, as some keyboard/USB-controller combinations take a few seconds to wake up from whatever slumber they're in and start working. I ran into this several times.
Because sane OSes have sane defaults, and this is one of them. Hide information by default, unless called for. Want verbose boot log? Ask for it. Want boot menu? Ask for it. Need Bluetooth enabled at boot? Aak for it. Don't overburden the user with irrelevant info. When my 7 y.o. daughter fires up the Steam Decj, she doesn't need to see the boot menu.
No, they don't; they let you decide some things which are relevant. People in the know decide defaults. This is how it works everywhere. Else you'd learn to bicycle with your own traffic rules. You'd end under a bus.
Addendum: You could say you want a sandbox, and that such is part of the sandbox to play with. Then you need some kind of way to clean up, like you can clean up the toys your kids play with (or ensure they clean up their own mess), or ensure their sandbox environment is safe (such as no fire hazards in your house). Then I would argue a VM is such. OS with rollbacks or a user account on an OS or locked down iOS/Android could suffice, too.
My parents gave me the bicycle in a box. I had to put it together if I wanted to ride it. They owned the bicycle shop too. They could have put it together for me, but they let me do it.
On a modern laptop running Linux, the three slowest things in the boot are:
- The firmware
- The bootloader timeout
- Waiting for the user to type the encryption passphrase
Everything else takes almost no time at all. So, if you can eliminate 5 seconds from the boot process in the normal case, without eliminating your ability to debug the system in the unusual case, that's a win.
But how often do you boot a modern laptop in the first place? I feel lke the time I save in not waiting those 5 seconds occasionally is all going to be spent again in the minutes wasted having to look up how I stop the instant autoboot (or failing to stop the autoboot and having to reset and try again) the first time I need to actually interact with grub...
That doesn't provide the desired security, unless you also then carefully lock down the system so that the TPM doesn't provide the key if the software has changed. That's theoretically doable but challenging, with many failure modes in both directions: not being able to get into the system, or someone being able to get into the system when they shouldn't.
