Re: GRUB and boot partition
- Date: Tue, 26 Dec 2017 14:50:16 +0100
- From: <tomas@xxxxxxxxxx>
- Subject: Re: GRUB and boot partition
On Tue, Dec 26, 2017 at 02:24:24PM +0100, Pascal Hambourg wrote:
> I read that some UEFI implementations allow the user to manage
> secure boot keys. Carefully choose your hardware.
> Oh, by the way I forgot twice to mention another situation when an
> encrypted /boot would provide an advantage: when the machine has a
> platform firmware which supports LUKS encryption, such as CoreBoot,
> then the on-disk boot components could be entirely encrypted.
Granted. But if I were *that* deep in the thicket, I'd either shell
out the 5K for a PowerPC workstation (which doesn't seem to have all
that ME stuff... or they don't tell you?) *or* wait for lowRISC or
similar. Doing encrypted-to-the-bottom in view of Intel ME or
AMD TrustZone has a bit of a futile taste to me.
-- t