onlinepersona@programming.dev to Linux@programming.dev · 2 months agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square39fedilinkarrow-up118arrow-down15file-text
arrow-up113arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 2 months agomessage-square39fedilinkfile-text
minus-squareTwilightKiddy@programming.devlinkfedilinkEnglisharrow-up7·2 months agoAs bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
minus-squareJumuta@sh.itjust.workslinkfedilinkarrow-up3·2 months agoI meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe
As bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
I meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe