My answers in random order:
1) Make sure you have Secure Boot enabled in BIOS, and BIOS password set.
That's pretty much all you can do to prevent backdooring & keysniffing of your bootloader today when someone covertly gets physical access to your laptop.
If this is a viable threat, go for QubesOS, but be aware of its limitations (e.g. inability to access GPU by the operating system, so no games or 3D graphics).
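
To confirm from the running OS that the Secure Boot setting from point 1 is actually being enforced, the firmware variables can be read directly. This is an added example, not part of the original answer; it assumes a Linux system with efivarfs mounted at `/sys/firmware/efi/efivars`, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (assumes Linux + efivarfs): report the firmware Secure Boot state.
# GUID of the UEFI global variable namespace, as defined by the UEFI specification.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# efivar_byte FILE
# An efivarfs file holds 4 bytes of attributes followed by the variable data.
# Print the first data byte as a decimal number; fail if the file is unreadable.
efivar_byte() {
    [ -r "$1" ] || return 1
    od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n'
}

# secure_boot_state [EFIVARS_DIR]
# Prints one of: no-uefi, unknown, setup-mode, disabled, enabled
secure_boot_state() {
    sbs_dir="${1:-/sys/firmware/efi/efivars}"
    # No efivars directory: legacy BIOS boot or efivarfs not mounted.
    [ -d "$sbs_dir" ] || { echo "no-uefi"; return 0; }

    sbs_sb=$(efivar_byte "$sbs_dir/SecureBoot-$EFI_GLOBAL_GUID") || sbs_sb=""
    sbs_sm=$(efivar_byte "$sbs_dir/SetupMode-$EFI_GLOBAL_GUID") || sbs_sm=0
    [ -n "$sbs_sb" ] || { echo "unknown"; return 0; }

    if [ "$sbs_sm" = "1" ]; then
        # Setup mode: no Platform Key enrolled, so signatures are not enforced
        # and the key databases can be rewritten without authentication.
        echo "setup-mode"
    elif [ "$sbs_sb" = "1" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Report the state of the machine this script runs on.
secure_boot_state
```

Anything other than `enabled` means the boot chain is not being signature-checked by the firmware, whatever the setup screen showed when it was last configured.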