On Fri, May 25, 2018 at 12:44 PM, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> Why do you want an encrypted /boot ? It does not usually contain any > sensitive information. Encrypted /boot is not tamper-proof unless extra > steps are taken to protect the first stage boot such as booting from > write-protected, authenticated or removable media. Thanks for your reply. I am working for an organization which requires computers to be full disk encrypted. They support Windows, but if I want to run Linux, I'm on my own. So to be precise I need something which is strictly comparable to whatever is provided by Symantec full disk encryption for Windows. If I can achieve that, I'll be in business. It may be true that encrypted /boot is not really relevant, but I don't want to try to argue with tech support staff that a system with unencrypted /boot is close enough. I feel like it needs to be all or nothing in order for me to press this issue with them. Thank you very much for your comments, and all the best. Robert Dodier
