this post was submitted on 13 Nov 2025
13 points (78.3% liked)

Linux

10111 readers
1036 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
13
Why call it full-disk encryption when the EFI partition has to be unencrypted? (programming.dev)
submitted 2 days ago by onlinepersona@programming.dev to c/linux@programming.dev
39 comments fedilink hide all child comments
 

Sounds like a misnomer to me.

you are viewing a single comment's thread
view the rest of the comments
[–] dgdft@lemmy.world 4 points 2 days ago (1 children)

There’s also PXE boot, secure boot, carrying around a live image on a flash drive, etc.

But any attacker advanced enough to tamper with your EFI partition in an evil-maid scenario has plenty of other options to log and steal your encryption passphrase, so it’s generally a moot point.

[–] onlinepersona@programming.dev -2 points 2 days ago (2 children)

With that logic there's no need to even encrypt your partitions 🤷

[–] dgdft@lemmy.world 10 points 2 days ago

Absolutely not — the skill level needed to tamper with a bashrc, pull credentials + keys, or generally hunt for sensitive info on an unencrypted disk is worlds apart from the skill level needed to modify an EFI binary.

[–] spiffpitt@lemmy.world 7 points 2 days ago

security isn't real, just increasing deterrence for attackers.

if you can access something, they can access it, it's just a matter of effort needed to get there.