29 Apr
2021
29 Apr
'21
09:55
On Wed, Apr 28, 2021 at 8:47 PM Petr Tesařík
That's not my point. My point is that there is nothing secret stored under /boot. If it is a separate partition, it may be left unencrypted, avoiding the need to give a password to the boot loader.
Currently neither grub.cfg nor initrd are verified. Which means it is possible to install modified initrd which takes over after you unlocked root.