Replace the BIOS flash chip and you’re good
Or physically remove the SSD and plug it into another
Discussion
What you are looking for is full disk encryption
If you know the password you can still access the disk and reset the root password. But otherwise data is unusable without it
And it has the advantage that you can wipe it easily (delete the header and entire disk is useless, only thing you can do is reformat)
I like it, because you have to resort to having physical access to the machine to restore any amount of access.
If you have one account, where you replaced the ssh password with a script that issued a challenge token you have to digitally sign with a Bitcoin key and no root account, I think you can effectively bar remote access otherwise.
That is, Bitcoin's signature standard has a whole industry focused on securing private keys. So it would be technically better than a password or preshared key. Even though those would effectively do the same thing.