Web lists-archives.com

Re: Debian 9 /boot && /boot/efi partition




On Thu, Jan 10, 2019 at 07:28:04PM +0000, Pieter Lems wrote:
As you can see there is a /boot and a /boot/efi partition. I was wondering
the following things:
What is the reason this was automaticly done?

The system is set up to boot vie (U)EFI. The EFI boot volume must be
FAT32, so /boot/efi is created as FAT32 separately from /boot, which
is one of the exts (I think ext4). The installer will not do this if
it detects the system boots via the old-style method.

I think EFI also mandates the layout of the filesystem to the extent
that one could not simply use /boot as the EFI partition, formatted
as FAT32, but I'm not entirely sure.

Does this have any negative influence on the security of my /boot partition?
How can I counter this?

Both /boot and /boot/efi are unencrypted,  but I don't think that
/boot/efi is any worse than /boot for security by virtue of being
FAT32.


--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.