Today the decommission cookbook will try to render the host being targeted unbootable by executing /sbin/wipefs --all --force against the block devices found on the host during a step called "wipe bootloaders".
This is effective in making the host unbootable, but I think we clarify the output and expectations for the step. Wipefs is actually removing filesystem, raid and partition-table signatures from the disks, and afaict leaves the grub bootloader intact on disk.
I think we should either a) update this to execute a command which zeroes the bootloader (and leaves partition/fs signatures in place) or b) update the output to specifically list down all that is being wiped (raid, partition table, filesystem signatures).