Any security risks for the boot drive not being encrypted?

[mystic]

I did a fresh install and used full disk encryption today for the first time since MX 18 was out. I noticed the boot partition was not encrypted. Coming from other distros where they have their boot partition encrypted, are there any security risks involved here that I should be aware off?

[dolphin_oracle]

Not as long as you aren't storing any information. On the boot partition.

[BitJam]

The risk of an unencrypted boot partition is that if someone gets a hold of your machine, they could alter the kernel or the initrd to add something malicious. I believe they could also do something like this by altering the bootloader even if the boot partition is encrypted. This is the "good" part of secure boot. OTOH, an invader could disable secureboot or add a signing key to use their malicious bootloader.

If your main partitions are encrypted then this will make it hard or impossible for someone to get your data when the machine is not booted by you or the disk is removed. But you are still vulnerable to a number of attack vectors that would essentially add rootkit or a virus and get your data while the machine is running after you've entered your passphrase.

[v3g4n]

"Evil Maid Attack"
https://www.schneier.com/blog/archives/ ... attac.html