Originally posted by StarterX4
View Post
- Your setup is secure, because you spent time tuning your Arch Linux setup. Competitor just come of the box with their solution, no setup required (even if objectively their solution is rather crappy "Trust us! We swear that we'll protect your data! (Except if we search for kiddie porn").
- Your setup is still vulnerable to something weird happening before it get encrypted: You think it's your booting Linux that asks a password to unlock you LUKS, but actually it's a keylogger (or a trojan that will inject a backdoor into the running system once LUKS has been unlocked).
There is a complete chain of trust that could be leveraged to make sure that the things that asks you to unlock LUKS is actually your perfectly tuned secure setup, and not something that pretends to be while stealing your data. Such chain of trust relies on other things beside encryption, such as SecureBoot and TPM. But most Linux distro don't leverage them so you don't have any guarantee about what happened between the moment you pushed the on button and the moment you got the LUKS prompt (or inserted your USB key).
Tough I dis-agree with his final assessment about the closed platforms "doing it better":
Yes, indeed they make bettter use of these advanced feature. But in my little experience they seem to only making use of this to make you don't get full admin access to your own (pocket) comupter that you bought with your own money. And don't make much effort into making sure that an attacker would have no access to your data. And are usually bad at all these outcome.
Leave a comment: