On 2023-03-29 13:02, Carlos E. R. wrote:
On 2023-03-29 02:15, Bob Rogers wrote:
From: "Carlos E. R." <robin.listas@telefonica.net> Date: Tue, 28 Mar 2023 22:04:08 +0200
On 2023-03-28 21:36, gebser@mousecar.com wrote: . . . > Have to ask: What's the point of encrypting /boot and /boot/efi? What > sensitive information could be found there?
I don't really know.
Tamper-proofing. So nobody with physical access can substitute a kernel with a backdoor, and then get access to your oh-so-carefully encrypted partitions after you've booted into it.
Yes, that seem obvious :-)
Now that I think, /boot/efi is not encrypted. Is it vulnerable? It is somewhat protected by the uefi key, though. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)