Re: Physical Access
"Maybe not - but if they can reflash the firmware, they can put in a keylogger or whatever trojan nonsense they want."
Now "Secure" Boot proponents will tell you that "Secure" Boot saves you from that. However there is a simple workaround to that. Company notebooks typically are from a narrow range of devices easily obtained by any attacker:
Just get the same model, install some form of software mimicking a system booting up then asking for a password and displaying a "wrong password" screen while sending the password off to you.
Then you use some social engineering and secretly swap the laptops. Claim to be from another branch of the same company and leave your business card with your mobile phone number.
Once the victim enters the password, you have it and can unlock the computer. Eventually the victim will suspect there having been a mixup and call you to swap them back.