On 2023-03-09 06:21:10 +0000 (+0000), Stephan Verbücheln wrote:
> Can you explain or refer to literature why encrypted /boot is
> pointless?
[...]

Doesn't really need literature, just some rational thought. People often confuse encryption with attestation. Try to explain what security benefits you gain from keeping the contents of /boot secret.

Sure, you don't want someone with physical access to the machine changing the files in /boot in order to backdoor the system startup process, but you don't need to encrypt the contents to gain that property. Attestation (a.k.a. "secure boot") relies on cryptographic signatures to avoid using files which have been altered, regardless of whether /boot has been encrypted:

https://wiki.debian.org/SecureBoot

But take it a step further, if someone has extended physical access to your machine, it's pretty easy to (depending on the device) add a hardware keylogger, packet sniffer, other circuits which can even supply the attacker with reverse-tunneled remote access once you've unlocked and booted the machine.

Disk encryption is great (when properly implemented) to protect sensitive information on your machine from prying eyes if it gets stolen, but unless you're putting sensitive data in /boot why go to the added trouble of encrypting it?

--
Jeremy Stanley