For those of you who are using linux: Are you using secure boot? I.e. is your bootloader configured to only decrypt your disk and boot your OS, while blocking all “booting from USB stick” and such?
I’m asking because i’m considering a very specific attack vector, through which a sufficiently skilled agent (e.g. FBI, CIA) could install a keylogger into your OS and get access to your sensitive data that way, even when your disk is encrypted and without your knowledge.
Nope. Things break on my system when it gets turned on. I just updated the BIOS last week, which somehow resulted in it getting turned back on. That silently broke my graphics card driver and it took me like an hour to figure out what was going on since there was no obvious error message.
no
deleted by creator
Unless you run your mobo with a password (no one really does), the attack vector always exists by disabling secure boot physically; and even the BIOS password could be reset through ways so I don’t really see the point in secure boot.
Secure boot can be made secure in principle. The internal disk is encrypted, the bootloader stores the cryption key internally. When you change which OS is booted, the bootloader refuses to give out the key or deletes the key altogether. For one, you would immediately noticed that your OS was tampered with. For two, even when an alternative OS manages to boot, it can’t read your data.
deleted by creator
Well, I’m running Asahi Linux on a Macbook which can’t boot from USB even if I wanted to.
However, if you’re really worried about state-level threat actors, like FBI or CIA, I don’t believe there is much you could do to protect yourself anyway. They likely have entire catalogs of unpublished and undisclosed side-band attack exploits they could draw from to gain access to your machine and execute a privilege escalation to install whatever they want.
I’ve got two machines, one with, one without. The one without is a glorified media box. The one with has documents and emails and such
I have secure boot enabled in the bios, if that’s what your asking. I pretty much exclusively use Linux with secure boot enabled. The only time I’ve ever disabled it was to try and get Virtual Box working in Linux Mint but it stops working as soon as I re-enable secure boot, so I don’t use Virtual Box.





