and I imagine that the initramfs is not encrypted and trivially modifiable? Appl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		conradev 5 months ago \| parent \| context \| favorite \| on: Apple: SSH and FileVault and I imagine that the initramfs is not encrypted and trivially modifiable? Apple is able to achieve this securely because their devices are not fully encrypted. They can authenticate/sign the unencrypted system partition.

klooney 5 months ago [–]

https://mastodon.social/@pid_eins/113404099228886304

You auth the initrd too

conradev 5 months ago | [–]

This is super cool, thanks for the link! I’m glad they were able to leverage the TPM

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact