[Y_Y]

Presumably drive encryption is necessary anyway to protect lost/stolen devices, and at that point modifying the bootloader won't be useful.

I see the value when the attacker manages to modify the device without the user knowing, and causes them to unknowingly use an attacker-controlled OS, but that's a vastly different threat model.

[HPsquared]

Some kind of secure enclave is necessary to prevent brute force attacks. Allows simple PIN unlock for users.

[Y_Y]

I'd argue that it's neither necessary nor sufficient for securing your data. (Convenience is another worthwhile consideration, of course.)

Cryptography should be enough to protect you from brute force, if you care about such things. I don't think it would be controversial to say that it's much more likely your particular secure enclave is broken than your encryption scheme (assuming you choose something appropriate and you're not on the NSA's radar).

[HPsquared]

It's just really convenient to key in a 6-digit PIN.

[lmm]

> Some kind of secure enclave is necessary to prevent brute force attacks.

Eh maybe, what's the realistic threat model here? 99.9% of the time someone stealing a laptop isn't going to know or care what's on it, they'll just wipe it and sell the hardware. And in the rare case where you're seriously concerned about a competitor or spy making a targeted attack, you'll have a password policy where you're not using something bruteforceable.

[patrakov]

The supposed attack scenario is that the laptop is returned in a trojaned form with a kernel-based keylogger. The usual counterargument is that the laptop might be as well returned with a hardware-based keylogger.