Re: Whole Disk Encryption + SSD

To: debian-user@lists.debian.org
Subject: Re: Whole Disk Encryption + SSD
From: Stefan Monnier <monnier@iro.umontreal.ca>
Date: Mon, 28 Jun 2021 19:56:47 -0400
Message-id: <[🔎] jwv4kdhim2t.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] 4ef539b6-af04-4d53-9512-cd3dba0d4ce3@gmx.com> <[🔎] bb07defe-eaea-ddee-e534-73289541cc60@holgerdanske.com>

> Along with SED, I suggest that you also implement Secure Boot.

Can someone give me pointers to actually known attacks (not
hypothetical ones, which I can invent myself without much difficulty)
that would have been prevented by Secure Boot?

I can see that subverting the early boot might be a good way for
rootkits to install themselves in a way that's hard to detect and/or
remove, but it's not like there aren't plenty of other ways to get
pretty much the same result.

IOW it sounds to me a bit like putting a reinforced steel frame around
a cardboard door.


        Stefan

Reply to:

Follow-Ups:
- Re: Whole Disk Encryption + SSD
  - From: <tomas@tuxteam.de>

References:
- Whole Disk Encryption + SSD
  - From: piorunz <piorunz@gmx.com>
- Re: Whole Disk Encryption + SSD
  - From: David Christensen <dpchrist@holgerdanske.com>

Prev by Date: Re: how to change terminal (tty) font?
Next by Date: Re: Dovecot: ssl_ca_path not respected?
Previous by thread: Re: Whole Disk Encryption + SSD
Next by thread: Re: Whole Disk Encryption + SSD
Index(es):
- Date
- Thread