onlinepersona@programming.dev to Linux@programming.dev · 1 month agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square39linkfedilinkarrow-up118arrow-down15file-text
arrow-up113arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 1 month agomessage-square39linkfedilinkfile-text
minus-squareonlinepersona@programming.devOPlinkfedilinkarrow-up1arrow-down4·1 month agoWith that logic there’s no need to even encrypt your partitions 🤷
minus-squaredgdft@lemmy.worldlinkfedilinkEnglisharrow-up10·1 month agoAbsolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.
minus-squarespiffpitt@lemmy.worldlinkfedilinkEnglisharrow-up7·1 month agosecurity isn’t real, just increasing deterrence for attackers. if you can access something, they can access it, it’s just a matter of effort needed to get there.
With that logic there’s no need to even encrypt your partitions 🤷
Absolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.
security isn’t real, just increasing deterrence for attackers.
if you can access something, they can access it, it’s just a matter of effort needed to get there.