On Thu, Jan 10, 2019 at 07:28:04PM +0000, Pieter Lems wrote:
As you can see there is a /boot and a /boot/efi partition. I was wondering the following things: What is the reason this was automaticly done?
The system is set up to boot vie (U)EFI. The EFI boot volume must be FAT32, so /boot/efi is created as FAT32 separately from /boot, which is one of the exts (I think ext4). The installer will not do this if it detects the system boots via the old-style method. I think EFI also mandates the layout of the filesystem to the extent that one could not simply use /boot as the EFI partition, formatted as FAT32, but I'm not entirely sure.
Does this have any negative influence on the security of my /boot partition? How can I counter this?
Both /boot and /boot/efi are unencrypted, but I don't think that /boot/efi is any worse than /boot for security by virtue of being FAT32. -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net ⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.
