**Exception**

Configuring a password for the bootloader is left up to the deployer to
configure.  Each deployer should consider the potential damage to their
system should someone gain unauthorized physical access at the server
itself or via an out-of-band management solution (like IPMI, DRAC, or iLO).