Comment by bigfatkitten
14 days ago
> The only boot security real users need is disk encryption.
Which becomes easy to bypass without boot security. If an adversary can modify code that executes in the boot process, they can steal your keys.
14 days ago
> The only boot security real users need is disk encryption.
Which becomes easy to bypass without boot security. If an adversary can modify code that executes in the boot process, they can steal your keys.
An adversary can usually only modify code that executes in the boot process if they already have root privileges, or if they have physical access. In either of those cases the game is already over anyway.
> or if they have physical access.
If you're not worried about physical access, then why would you encrypt your disk at all?
Encrypted disks saves you from an unsophisticated attacker. Also, full disk encryption enables the feature of using a power plug switch as a ”lockdown mode” button.