Re: GRUB and boot partition




On Tue, Dec 26, 2017 at 02:24:24PM +0100, Pascal Hambourg wrote:

[...]

> I read that some UEFI implementations allow the user to manage
> secure boot keys. Carefully choose your hardware.
> 
> Oh, by the way I forgot twice to mention another situation when an
> encrypted /boot would provide an advantage: when the machine has a
> platform firmware which supports LUKS encryption, such as CoreBoot,
> then the on-disk boot components could be entirely encrypted.

Granted. But if I were *that* deep in the thicket, I'd either shell
out the 5K for a PowerPC workstation (which doesn't seem to have all
that ME stuff... or they don't tell you?) *or* wait for lowRISC or
similar. Doing encrypted-to-the-bottom in view of Intel ME or
AMD TrustZone has a bit of a futile taste to me.

Cheers
-- t