onlinepersona@programming.dev to Linux@programming.dev · 12 hours agoWhy call it full-disk encryption when the EFI partition has to be unencrypted?message-squaremessage-square33linkfedilinkarrow-up112arrow-down15file-text
arrow-up17arrow-down1message-squareWhy call it full-disk encryption when the EFI partition has to be unencrypted?onlinepersona@programming.dev to Linux@programming.dev · 12 hours agomessage-square33linkfedilinkfile-text
minus-squareonlinepersona@programming.devOPlinkfedilinkarrow-up1arrow-down2·10 hours agoWith that logic there’s no need to even encrypt your partitions 🤷
minus-squaredgdft@lemmy.worldlinkfedilinkEnglisharrow-up9·10 hours agoAbsolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.
minus-squarespiffpitt@lemmy.worldlinkfedilinkEnglisharrow-up6·10 hours agosecurity isn’t real, just increasing deterrence for attackers. if you can access something, they can access it, it’s just a matter of effort needed to get there.
With that logic there’s no need to even encrypt your partitions 🤷
Absolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.
security isn’t real, just increasing deterrence for attackers.
if you can access something, they can access it, it’s just a matter of effort needed to get there.