On the bright side, hopefully this accelerates the UKI initiatives on the different distros.
That would get us a pathway to a fully working secure boot and hibernation on encrypted volumes.
Last time I checked, the Windows implementation was also flawed.
Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong decryption password several times in a row.
Yeah, no duh. This isn’t a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable. It’s not even a process flaw at that point, just “possible”.
This is essentially what the Israeli government did to Android a decade ago with Pegasus: if you can get in front of the bootloader, you can compromise disks once encrypted because everything is happening in an in-memory boot process.
Same way you can hotwire cars. It’s not new.
What’s the expression? If someone has physical access to your machine it’s no longer your machine.
XKCD about hacking in reality, a $5 monkey wrench, some rope, and kneecaps