:: Re: [DNG] UEFI and Secure Boot
Author: Narcis Garcia
Date:  
To: dng
Subject: Re: [DNG] UEFI and Secure Boot
On 23/10/17 at 16:35, Arnt Gulbrandsen wrote:
> Didier Kryn writes:
>>     For me the things which need to be protected are
>>
>>     1) the data
>>     2) the OS, to avoid backdoors
>>
>>     I can't see any need to protect a motherboard against booting from
>> a "foreign" disk.
>
> To access the data: Boot from foreign media, modify or replace the usual
> boot partition so it looks right until it asks for the disk encryption
> password, turn off the host, wait for the owner to turn it on and type
> in the password, done.
>


I don't know of a better secure boot than your own removable media: MBR and
whole /boot on a USB key, and full disk encryption.
If you really need that level of security, don't trust any installed
boot (UEFI/GRUB/etc.).

Mainboard support for UEFI isn't capable of trusting the boot as
transparently as FOSS does.