On Sat, Aug 26, 2017 at 08:39:23AM -0700, [email protected] wrote: > Does Qubes offer a method of securing /boot? not just against USB evil maid > attacks, but from tampering in general? > > for example, while a laptop is off, what would stop a malicious user from > live booting to an arbitrary distro and altering kernel or xen images located > on the unencrypted /boot partition? > > Does qubes offer options for encrypting /boot? >
The Fedora installer wont allow an encrypted boot partition, but there's nothing stopping you from encrypting /boot after installation. You will, of course, have to reconfigure grub to decrypt the new /boot, but that's straightforward. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170828194846.vgnomwjwpl4f6zeg%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
