onlinepersona@programming.dev to Linux@programming.dev · 1 month agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square39linkfedilinkarrow-up118arrow-down15file-text
arrow-up113arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 1 month agomessage-square39linkfedilinkfile-text
minus-squareTwilightKiddy@programming.devlinkfedilinkEnglisharrow-up7·1 month agoAs bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
minus-squareJumuta@sh.itjust.workslinkfedilinkarrow-up3·1 month agoI meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe
As bad as secure boot is, that’s exactly the use case for it. Frankly, you can both swap the CD and solder a new BIOS flash if you are really interested in boot poisoning, the latter is just a tiny bit harder to do without some sort of trace.
I meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe