/boot encryption - security vs convenience

Since encrypting /boot while using GRUB causes quite slow boot times due to the long decryption process (which is not really convenient), I am wondering whether it is worth going for it at all.

I mean, what additional use case does this security measure cover on top of the one with an encrypted system but an unencrypted /boot?
The only thing I can think of is when you are in a public space with your laptop in an encrypted state (as it should be), you somehow leave it unattended, and the attacker gets to your initramfs to exploit it as soon as you decrypt your system later. Seems like a very sophisticated and unlikely attack vector for most people.
Would love to hear your opinions on this topic, and maybe there are other ways of exploiting an unencrypted /boot that I don’t see?

Inspired by @dalto’s comment in the other thread:

It really depends on your use case and your risk model.

LUKS encryption in general really only protects you against one thing. That is the physical loss of your device or, more specifically, the LUKS-encrypted drive itself.

In my eyes, here are some of the types of things that LUKS helps with:

  • The physical theft or loss of your device
  • Improper destruction of your data (This is a more common attack vector than most people realize. Be careful how you dispose of your equipment)
  • An offline disk cloning attack (Unless you have access to some seriously valuable data, this one isn’t very likely)

Back to the point at hand, what is the value provided by encrypting your initrd? The initrd contains a bunch of information about your system that a determined attacker could use to exploit your system.

I think the more likely scenario is that the attacker steals your device or gains access to your drives through some other means. Someone cloning your drive while you are chatting with a friend in a public space doesn’t seem likely for most people. If they can get access to the device for that long a period of time in a public space, it would be easier to just steal it.

For many people, having an unencrypted /boot is probably not a risk they are concerned about. For some it is. Personally, I rarely use an encrypted /boot.

That being said, the question is really about what should be the default for the distro. Should the distro prioritize convenience over security? My general feel is that the distro should take the more secure approach and let the user lessen security at their preference unless there is a compelling reason not to.

I would be curious to know how others feel on this.
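The tampering scenario discussed above (an attacker modifying the initramfs or grub.cfg in an unencrypted /boot) can at least be detected if you keep a hash manifest of /boot on the encrypted root and compare against it after each boot. The following is an added example, not code from this thread or from any distro; the file names and the manifest location are assumptions, and the demo runs against a constructed temporary tree rather than the real /boot.

```shell
#!/bin/sh
# Added example, not code from the thread: keep a SHA-256 manifest of the
# unencrypted /boot on the encrypted root and check /boot against it, so a
# modified kernel, initramfs or grub.cfg is at least detected. Paths here are
# assumptions; the demo uses a constructed temporary tree instead of the real /boot.
set -u

# Write "<sha256>  <path>" for every regular file under $1 (sorted) into $2.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort > "$2"
}

# Compare $1 against manifest $2. Returns 0 when identical; otherwise prints the
# differing entries (a changed file shows up in both lists) and returns 1.
verify_boot() {
    tmp=$(mktemp)
    make_manifest "$1" "$tmp"
    status=0
    if ! cmp -s "$2" "$tmp"; then
        status=1
        comm -23 "$2" "$tmp" | sed 's/^[0-9a-f]*  /MISSING-OR-CHANGED: /'
        comm -13 "$2" "$tmp" | sed 's/^[0-9a-f]*  /NEW-OR-CHANGED: /'
    fi
    rm -f "$tmp"
    return "$status"
}

# Demo on a constructed /boot look-alike.
demo() {
    work=$(mktemp -d)
    boot="$work/boot"
    manifest="$work/boot.manifest"      # in real use: somewhere on the encrypted root
    mkdir -p "$boot/grub"
    printf 'constructed kernel image\n' > "$boot/vmlinuz-linux"
    printf 'constructed initramfs\n'    > "$boot/initramfs-linux.img"
    printf 'set timeout=5\n'            > "$boot/grub/grub.cfg"
    make_manifest "$boot" "$manifest"
    verify_boot "$boot" "$manifest" && echo "baseline: /boot matches manifest"
    # Change the initramfs in place, the case the thread worries about.
    printf 'extra line\n' >> "$boot/initramfs-linux.img"
    verify_boot "$boot" "$manifest" || echo "ALERT: /boot differs from manifest"
    rm -rf "$work"
}

demo
```

Such a check only catches changes made after the manifest was taken, and it runs after the (possibly modified) initramfs has already executed, so it is a detection aid rather than a substitute for an encrypted or signature-verified /boot.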

  • Person 1: wants full encryption, automatically.
  • Person 2: wants /boot unencrypted, for speed and a nicer-looking key input prompt.
  • Person 3: has already set everything up exactly as customized in manual partitioning.
  • Person 4: chooses encryption without any knowledge and simply thinks everything is secure.

From my perspective:
because of Person 4 and Person 1, Person 2 should use manual partition mode.
Not another comedy thread please :wink: