On 2017-02-02 10:27, Tinker wrote:
..
My motivation here for wanting the boot code on the USB stick, is that
I trust the USB stick more than my harddrive.
Motivation:
What I meant to say here is that I like the notion of the harddrive as
unsecure by definition, so that I only will trust its content through
the "firewall" of the softraid crypto mechanism.
This is why I'm OK with storing softraid crypto data on the HDD but not
the boot code.
The only thing, supposedly, that the HDD could do would be to give me
fake partition tables or partition data, and goofy partition data could
only meaningfully amount to a replay attack, so those would be harmless
in both cases.
So this would (supposedly) cut out the harddrive from the chain of
attack vectors, and that can be an important step in the direction of
security. Of course there is a plethora of security problems in addition
to this one in any computer.
