Web lists-archives.com

Re: Possible for full-disk encryption to encrypt /boot as well?




On Fri, May 25, 2018 at 12:44 PM, Pascal Hambourg
<pascal@xxxxxxxxxxxxxxx> wrote:

> Why do you want an encrypted /boot ? It does not usually contain any
> sensitive information. Encrypted /boot is not tamper-proof unless extra
> steps are taken to protect the first stage boot such as booting from
> write-protected, authenticated or removable media.

Thanks for your reply. I am working for an organization which requires
computers to be full disk encrypted. They support Windows, but if I
want to run Linux, I'm on my own. So to be precise I need something
which is strictly comparable to whatever is provided by Symantec full
disk encryption for Windows. If I can achieve that, I'll be in
business.

It may be true that encrypted /boot is not really relevant, but I
don't want to try to argue with tech support staff that a system with
unencrypted /boot is close enough. I feel like it needs to be all or
nothing in order for me to press this issue with them.

Thank you very much for your comments, and all the best.
Robert Dodier