rm -rf/ - this command destroy system in live mode? Or will everything be restored after reboot? I am afraid to try. I was told that if the system is restored, grub-live is very secure. I understand that such a command should not be entered, but if some intruder enters it or I accidentally insert it inattentively
This is not a documented command for the purpose of full system deletion. So this is a non-starter.
There are a ton of files the API file systems (/dev, /proc, /sys) and deletion of all of that might have unintended consequences as this is not intended that users are running that command.
That command is more of a joke / saying uses in some contexts. Not an actual feature of Linux. No system can completely delete itself. / is the root filesystem. It contains all, even the live system living in RAM itself.
This isn’t a useful test.
If you want to test that anyhow for curiosity without risk of wrecking your system, try it inside a VM. Images for various VMs are conveniently provided on the download page.
“very secure” can mean many things. I don’t know who told you what exactly. Best to refer to what the documentation is saying.
There is a lot documentation which might be creating an unintended magic aura but what technically happens is what it interesting. This is documented in chapter grub-live, Developer Information. For comprehensive understanding, study the source code.
grub-live doesn’t claim to be a perfect sandbox. It’s “only” enabling live mode, non-persistence. How malware might interact with grub-live is also documented in the wiki.