onlinepersona@programming.dev to Linux@programming.dev · 1 day agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square26fedilinkarrow-up114arrow-down14file-text
arrow-up110arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 1 day agomessage-square26fedilinkfile-text
minus-squareTwilightKiddy@programming.devlinkfedilinkEnglisharrow-up3·1 day agoAs bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
minus-squareJumuta@sh.itjust.workslinkfedilinkarrow-up2·1 day agoI meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe
As bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
I meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe