> > On Tue, Mar 31, 2015 at 10:10:31AM -0500, Joe Crivello wrote: > >> I can't think of any other scenarios right now, but I'd be interested to > >> hear if there is something I'm not thinking of...
Let's cut this short: To prevent (in theory) various attack vectors (e.g., physical access to the disk while offline), you need to have the system in a trusted state. Somebody has already thought this through, here is the result: http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot Such a fully trusted, BSD-licensed OpenBSD boot chain, where I can put my own keys into the BIOS, would be nice to have. Good luck writing it ;) kind regards, Robert