Any security risks for the boot drive not being encrypted?
Any security risks for the boot drive not being encrypted?
I did a fresh install and used full disk encryption today for the first time since MX 18 was out. I noticed the boot partition was not encrypted. Coming from other distros where they have their boot partition encrypted, are there any security risks involved here that I should be aware off?
- dolphin_oracle
- Developer
- Posts: 20012
- Joined: Sun Dec 16, 2007 1:17 pm
Re: Any security risks for the boot drive not being encrypted?
Not as long as you aren't storing any information. On the boot partition.
http://www.youtube.com/runwiththedolphin
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
lenovo ThinkPad X1 Extreme Gen 4 - MX-23
FYI: mx "test" repo is not the same thing as debian testing repo.
Re: Any security risks for the boot drive not being encrypted?
The risk of an unencrypted boot partition is that if someone gets a hold of your machine, they could alter the kernel or the initrd to add something malicious. I believe they could also do something like this by altering the bootloader even if the boot partition is encrypted. This is the "good" part of secure boot. OTOH, an invader could disable secureboot or add a signing key to use their malicious bootloader.
If your main partitions are encrypted then this will make it hard or impossible for someone to get your data when the machine is not booted by you or the disk is removed. But you are still vulnerable to a number of attack vectors that would essentially add rootkit or a virus and get your data while the machine is running after you've entered your passphrase.
If your main partitions are encrypted then this will make it hard or impossible for someone to get your data when the machine is not booted by you or the disk is removed. But you are still vulnerable to a number of attack vectors that would essentially add rootkit or a virus and get your data while the machine is running after you've entered your passphrase.
"The first principle is that you must not fool yourself -- and you are the easiest person to fool."
-- Richard Feynman
-- Richard Feynman