I'm pleased to make everyone's acquaintance. :) I watched recently a YouTube video detailing an attack against what amounts to any Linux system not using LUKS hard disk encryption. For reference: https://www.youtube.com/watch?v=KtSZTPWYOdw While using LUKS does address this issue. One is now required to go through the login process twice. Which to me seems like a very clunky solution. Since this exploit is ultimately a weakness on the part of the boot-loader. Would it be possible to have Syslinux first look for and use a PGP .asc file in the boot directory. This way the boot loader can then verify the kernel image and init binary file is genuine before booting it? Presumably allowing end users to add their own PGP public keys on installation. Such that they can still compile and sign their own kernel images. In addendum can anyone comment of the probability of Syslinux working as a CoreBoot payload unmodified? -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x5D499DCBDB3BF585.asc Type: application/pgp-keys Size: 3139 bytes Desc: OpenPGP public key URL: <https://lists.syslinux.org/archives/syslinux/attachments/20260208/8c65afc4/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <https://lists.syslinux.org/archives/syslinux/attachments/20260208/8c65afc4/attachment.sig>