> I see. Since the original question was about full disk encryption, I
> did not expect non-encrypted /boot to be an option. Sure, in that case
> the copy would help. I just hope the copy will be optional, and
> encrypted /boot will stay a possibility.
i also hope!
loading the kernel from an unencrypted /boot opens up quite a big attack
surface.
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Human sickness is so severe that few can bear to look at it. […] but those who
do will become well.”
— Vernon Howard (1918–1992)
