• uis@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    4 months ago

    Signal data will be encrypted if your disk is also encrypted.

    True.

    and you don’t have any type of verified boot process

    How motherboard refusing to boot from another drive would protect anything?

      • uis@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        4 months ago

        Well, yes. By refusing to boot. It can’t do anything if motherboard is replaced.

            • 9tr6gyp3@lemmy.world
              link
              fedilink
              arrow-up
              0
              ·
              4 months ago

              If the hardware signatures don’t match, it wont boot without giving a warning. If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

              • uis@lemm.ee
                link
                fedilink
                arrow-up
                0
                ·
                edit-2
                4 months ago

                If the hardware signatures don’t match

                Compromised hardware will say it is same hardware

                If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

                Compromised hardware controls execution of software. Warning is done in software. Conpromised hardware won’t let it happen.

                  • uis@lemm.ee
                    link
                    fedilink
                    arrow-up
                    0
                    ·
                    4 months ago

                    Compromised hardware can’t create new signatures, but it doesn’t matter because it controls execution of software and can skip any checks.