• uis@lemm.ee
    6 months ago

    Signal data will be encrypted if your disk is also encrypted.

    True.

    and you don’t have any type of verified boot process

    How would the motherboard refusing to boot from another drive protect anything?

      • uis@lemm.ee
        6 months ago

        Well, yes. By refusing to boot. It can’t prevent booting if the motherboard is replaced.

        EDIT: s/do anything/prevent booting/

            • 9tr6gyp3@lemmy.world
              6 months ago

              If the hardware signatures don’t match, it won’t boot without giving a warning. If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

              • uis@lemm.ee
                6 months ago

                If the hardware signatures don’t match

                Compromised hardware will say it is the same hardware.

                If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

                Compromised hardware controls execution of software. The warning is done in software. Compromised hardware won’t let it happen.

                  • uis@lemm.ee
                    6 months ago

                    Compromised hardware can’t create new signatures, but it doesn’t matter because it controls execution of software and can skip any checks.