On 20.06.2016 13:00, bootcr...@openmailbox.org wrote:
Hello!
I have recently decided to use full disk encryption on my OpenBSD boxes.
I've managed to do so and it's working, however for security reasons
I want to boot them from another drive.
What is that security reason worth of not using default full disk
encryption?
In my threat model, I consider that adversary with physical access
can change bootloader on wd0 drive to store passphrases (or do anything
else).
After booting from USB I remove it and hold it in safe place.
I don't consider adversary to be able to change BIOS code or something
like that.