The LUKS issue was all about getting a root shell as opposed to being
able to defeat LUKS or get the keys or decrypt the data. I know this was
a bit misreported in the press.

A bigger issue is if /boot is not encrypted. And with modern GRUB there
is no need for it not to be. Someone could then use this shell to put a
keylogger in /boot process then they could use this vulnerability to do
some damage. But the same is true from booting from removable custom
media to access the encrypted partitions.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to