El 23/10/17 a les 16:35, Arnt Gulbrandsen ha escrit: > Didier Kryn writes: >> For me the things which need to be protected are >> >> 1) the data >> 2) the OS, to avoid backdoors >> >> I can't see any need to protect a motherboard against booting from >> a "foreign" disk. > > To access the data: Boot from foreign media, modify or replace the usual > boot partition so it looks right until it asks for the disk encryption > password, turn off the host, wait for the owner to turn it on and type > in the password, done. >
I don't know better secure boot than your own removable media: MBR and whole /boot on an USB key, and full disk encryption. If you really need that level of security, don't trust to any installed boot (UEFI/GRUB/etc). Mainboard support for UEFIs aren't capable to trust the boot so transparently as FOSS does. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng