Comment by bigfatkitten

Comment by bigfatkitten 8 days ago

3 replies

View on Hacker News

> The only boot security real users need is disk encryption.

Which becomes easy to bypass without boot security. If an adversary can modify code that executes in the boot process, they can steal your keys.

teddyh 7 days ago

An adversary can usually only modify code that executes in the boot process if they already have root privileges, or if they have physical access. In either of those cases the game is already over anyway.

Reply View 2 replies
  • bigfatkitten 7 days ago

    > or if they have physical access.

    If you're not worried about physical access, then why would you encrypt your disk at all?

    Reply View 1 reply
    • teddyh 6 days ago

      Encrypted disks saves you from an unsophisticated attacker. Also, full disk encryption enables the feature of using a power plug switch as a ”lockdown mode” button.

      Reply View 0 replies