The LUKS issue was all about getting a root shell as opposed to being able to defeat LUKS or get the keys or decrypt the data. I know this was a bit misreported in the press.
A bigger issue is if /boot is not encrypted. And with modern GRUB there is no need for it not to be. Someone could then use this shell to put a keylogger in /boot process then they could use this vulnerability to do some damage. But the same is true from booting from removable custom media to access the encrypted partitions. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad049ceb-dacf-93d5-cc0c-daffb69e2a3c%40gmsl.co.uk. For more options, visit https://groups.google.com/d/optout.