ItsDrike 2023-12-31 05:00:19 +01:00
parent 56c1821716
commit 40094c9628
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0


@ -323,7 +323,7 @@ For our purposes, we will choose these:
> [!IMPORTANT] > [!IMPORTANT]
> If you're using systemd-boot (instead of booting directly from the UKI images), it is very important that we choose > If you're using systemd-boot (instead of booting directly from the UKI images), it is very important that we choose
> all 2, including PCR12, as many tutorials only recommend 0 and 7, which would however lead to a security hole, where > all 3, including PCR12, as many tutorials only recommend 0 and 7, which would however lead to a security hole, where
> an attacker would be able to remove the drive with the (unencrypted) EFI partition, and modify the systemd-boot > an attacker would be able to remove the drive with the (unencrypted) EFI partition, and modify the systemd-boot
> loader config (`loaders/loader.conf`), adding `editor=yes`, and the put the drive back in. > loader config (`loaders/loader.conf`), adding `editor=yes`, and the put the drive back in.
> >
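Review bot: The corrected count on the changed line ("all 3, including PCR12") is still a bare number that depends on the list above this hunk, which is how it could go stale as "all 2"; consider naming the registers instead, for example "choose all of PCR 0, 7 and 12" if those are the three selected above, so the warning stays correct when the list changes. In the unchanged last sentence of the same callout, "and the put the drive back in" should read "and then put the drive back in", and it would be worth fixing in this commit since the callout is already being touched.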