[sureglymop]

With physical access, root access is as simple as setting init=/bin/bash in the kernel parameters from a bootloader. No need for credentials or anything.

[anygivnthursday]

Secure boot and disk enryption are not that unusual nowdays

[Asraelite]

Secure boot doesn't provide security, just control for device manufacturers.

Physical access always means the device is pwned. You can install a keylogger or something similar.

[qrobit]

Secure boot ensures the image you boot was not tampered with. You can't install keylogger without tampering with the image. If you wanted to install physical keylogger, you would need to open the device up, and at least my laptop provides detection of bottom cover removal, meaning the system will ask you for a bios password if the laptop was opened up.