onlinepersona@programming.dev to Linux@programming.dev · 2 months agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square39fedilinkarrow-up118arrow-down15file-text
arrow-up113arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 2 months agomessage-square39fedilinkfile-text
minus-squareonlinepersona@programming.devOPlinkfedilinkarrow-up1arrow-down4·2 months agoWith that logic there’s no need to even encrypt your partitions 🤷
minus-squaredgdft@lemmy.worldlinkfedilinkEnglisharrow-up10·2 months agoAbsolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.
minus-squarespiffpitt@lemmy.worldlinkfedilinkEnglisharrow-up7·2 months agosecurity isn’t real, just increasing deterrence for attackers. if you can access something, they can access it, it’s just a matter of effort needed to get there.
With that logic there’s no need to even encrypt your partitions 🤷
Absolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.
security isn’t real, just increasing deterrence for attackers.
if you can access something, they can access it, it’s just a matter of effort needed to get there.