Re: Debian 9 /boot && /boot/efi partition
- Date: Thu, 10 Jan 2019 21:02:20 +0000
- From: Jonathan Dowland <jmtd@xxxxxxxxxx>
- Subject: Re: Debian 9 /boot && /boot/efi partition
On Thu, Jan 10, 2019 at 07:28:04PM +0000, Pieter Lems wrote:
As you can see there is a /boot and a /boot/efi partition. I was wondering
the following things:
What is the reason this was automaticly done?
The system is set up to boot vie (U)EFI. The EFI boot volume must be
FAT32, so /boot/efi is created as FAT32 separately from /boot, which
is one of the exts (I think ext4). The installer will not do this if
it detects the system boots via the old-style method.
I think EFI also mandates the layout of the filesystem to the extent
that one could not simply use /boot as the EFI partition, formatted
as FAT32, but I'm not entirely sure.
Does this have any negative influence on the security of my /boot partition?
How can I counter this?
Both /boot and /boot/efi are unencrypted, but I don't think that
/boot/efi is any worse than /boot for security by virtue of being
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.