If the disc is encrypted (and otherwise nothing would save you anyway), why do I... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

krick 5 months ago | parent | context | favorite | on: Installing Arch Linux on a Laptop

If the disc is encrypted (and otherwise nothing would save you anyway), why do I need the Secure Boot, really? What harm it can do for somebody to boot my device from an unauthorized drive?

AlphaJack 5 months ago [–]

The threat model is the Evil Maid Attack. I found Secure Boot + UKI + TPM PIN (God forbids automatic unsealing) + FDE to be great for both security and usability.

[0]: https://en.wikipedia.org/wiki/Evil_maid_attack

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact