On Wed, 5 Mar 2014, Stuart Henderson wrote: > What are you trying to protect against? > > If somebody has physical access, they can presumably replace the > kernel/initramfs with a trojanned version ...
It protects against stolen machines, but not active attacks. Our cryptoraid doesn't protect against active attacks either - the attacker can replace the bootloader with something that phishes your password. The closest we could get to fixing that would be to use the TPM on some x86 systems, but there are ways around that too... -d
