Any other way to protect root password from being changed?

So I recently found out, that anyone can easily change root password if they have access to grub. I prevented that by adding extra password to it. Why is it made this way? It seems to be absolutely stupid - anyone can easily change your password, which makes it almost useless - maybe just to protect computer from kids. But if I have multiple OS'es, shouldn't locking grub prevent others users from loading that other OS? For example - I use Ubuntu (and I want to prevent others from logging in), but another user uses Win, which he should access through grub. But since it is locked, he cannot do that, unless he know grub's password. But then he can easily change my root password for Ubuntu.

In other words - is there a proper way to secure Ubuntu, so nobody could easily change root password?


Full disk encryption is the only way to protect your system in the event that someone gains physical access to your device. This is true with any device, including your phone and your Windows installation.

If your root file system is not encrypted, not only can your root password be changed, but an attacker could get all of your data and make changes to anything on your system.

You can set up full disk encryption during system install and you will be required to enter a password each time you boot your device. Your device will only be as secure as the password you choose, so pick a password or passphrase that is unlikely to be guessed or brute-forced and do not share it with anyone else. If you lose your password, you will be unable to decrypt your system.