Jeremy Stanley <fu...@yuggoth.org> writes:

> Disk encryption is great (when properly implemented) to protect
> sensitive information on your machine from prying eyes if it gets
> stolen, but unless you're putting sensitive data in /boot why go to the
> added trouble of encrypting it?

I think this is the key point: you should not be putting sensitive data in /boot, and this is generally always avoidable (and architecturally better to put it elsewhere). I have put sensitive data in /boot in the past because reasons, so it's not strictly true there is *never* a benefit, but I agree that this wasn't a great architecture and there were better ways to do it.

-- 
Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>