Feature "Recovery Mode Lockdown: Disabled Recovery Mode by default" is already implemented.
- "Linux recovery mode boot option has been removed from default GRUB boot menu for security and usability reasons" has been implemented.
- "Harden DRACUT initramfs-generator by disabling Recovery Console?" has also been implemented.
Related documentation:
Additional considerations such as protecting the kernel command line, unikernel, etc. will happen during the implementation of Verified Boot. A proper threat model and holistic concept are planned.
Depends what you mean by rescue mode.
If the operating system is no longer booting, then if the user still remembers their BIOS password and/or full disk encryption password, booting the computer from external storage for the purpose of data recovery will still remain possible and supported in so far as we’re providing documentation or pointers on how to do that.