by Avery3R
1146 days ago
Not exactly sure how the desktop Linux boot process is structured, but on Windows with BitLocker the boot partition isn't encrypted either. UEFI has to be able to load a boot manager somehow, and unless you're going to splice in a DXE driver to your mobo's fw, which has the risk of bricking, to decrypt a partition, then you're always going to need a cleartext partition somewhere. On Windows the default way it's set up when you have a TPM though is that it locks the decryption keys against a hash of all of the code that has run during the boot process.
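The key-locking behaviour described in the comment above, as an added example that is not part of the original comment: a simplified Python model of TPM PCR extension and sealing. `ToyTPM`, the stage byte strings and the key name `"vmk"` are constructed for illustration; a real TPM enforces this through a policy over selected PCRs, and BitLocker's actual PCR profile is not modelled here.

```python
import hashlib
import hmac

PCR_SIZE = 32  # width of a SHA-256 PCR bank


def extend(pcr: bytes, image: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(image)). A PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()


def measure_boot(stages) -> bytes:
    """Each stage is measured before it runs, starting from an all-zero PCR."""
    pcr = bytes(PCR_SIZE)
    for image in stages:
        pcr = extend(pcr, image)
    return pcr


class ToyTPM:
    """Hypothetical stand-in for TPM seal/unseal, keyed on one PCR value."""

    def __init__(self):
        self.sealed = {}

    def seal(self, name: str, secret: bytes, expected_pcr: bytes) -> None:
        self.sealed[name] = (secret, expected_pcr)

    def unseal(self, name: str, current_pcr: bytes) -> bytes:
        secret, expected = self.sealed[name]
        if not hmac.compare_digest(expected, current_pcr):
            raise PermissionError("PCR mismatch: measured boot chain changed")
        return secret


# Constructed sample boot chains (placeholders for the real binaries).
GOOD_CHAIN = [b"uefi firmware", b"boot manager", b"os loader"]
TAMPERED_CHAIN = [b"uefi firmware", b"boot manager (modified)", b"os loader"]

if __name__ == "__main__":
    tpm = ToyTPM()
    tpm.seal("vmk", b"\x11" * 32, measure_boot(GOOD_CHAIN))
    print("clean boot unseals:", tpm.unseal("vmk", measure_boot(GOOD_CHAIN)).hex())
    try:
        tpm.unseal("vmk", measure_boot(TAMPERED_CHAIN))
    except PermissionError as err:
        print("tampered boot:", err)
```

Because each extend folds the previous PCR value into the next hash, changing or reordering any stage on the cleartext partition yields a different final value and the key stays sealed.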