On 19/06/2022 22:54, Sharpened Blade via devel wrote:
This can allow for the local installation to sign the kernel and the
initrd, so the boot chain can be verified until after the uefi. Currently, the initrd can
be modified by attackers, so even if the / partition is encrypted, the systems data can be
read on the next boot. If the kernel image, which includes the command line, and the
initrd, is signed then it is harder to comprimise the system. The system can still be
comprimised if the uefi is modified.
What about proprietary NVIDIA drivers?
--
Sincerely,
Vitaly Zaitsev (vitaly(a)easycoding.org)