onlinepersona@programming.dev to Linux@programming.dev · 16 hours agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square37fedilinkarrow-up114arrow-down15file-text
arrow-up19arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 16 hours agomessage-square37fedilinkfile-text
minus-squareTwilightKiddy@programming.devlinkfedilinkEnglisharrow-up7·15 hours agoAs bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
minus-squareJumuta@sh.itjust.workslinkfedilinkarrow-up3·15 hours agoI meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe
As bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
I meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe