Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://troet.cafe/@xeniac" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>xeniac</span></a></span> I know that this is the case, but it's not a <em>technical unavoidance</em> despite the <a href="https://infosec.space/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaspberryPi</span></a> being a non-<a href="https://infosec.space/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> - <a href="https://infosec.space/tags/arm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>arm</span></a> device.</p><ul><li>Even on the old, <a href="https://infosec.space/tags/32bit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>32bit</span></a> boards.</li></ul><p>The solution in that regard would be to boot into a <em><a href="https://infosec.space/tags/live" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>live</span></a></em> / <em><a href="https://infosec.space/tags/setup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>setup</span></a></em> mode like with <a href="https://infosec.space/tags/RaspberryPiOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaspberryPiOS</span></a> for <a href="https://infosec.space/tags/i586" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>i586</span></a>-based <a href="https://infosec.space/tags/PCs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PCs</span></a> and extend it to a setup that allows creating a new custom image with <a href="https://infosec.space/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> - <a href="https://infosec.space/tags/FDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FDE</span></a> enabled and properly encrypted.</p><ul><li>OFC on a <a href="https://infosec.space/tags/Pi0W" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pi0W</span></a> that would mean one would've to plug in a 2nd MicroSD with a USB-Adapter but that's not the Point. </li></ul><p>I'm not even demanding much, just a simple <a href="https://infosec.space/tags/TUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TUI</span></a> / <a href="https://infosec.space/tags/CLI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CLI</span></a> setup like <span class="h-card" translate="no"><a href="https://ubuntu.social/@ubuntu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ubuntu</span></a></span> / <a href="https://infosec.space/tags/UbuntuServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuntuServer</span></a> has with basic customizations.</p><ul><li>I'm not even expecting it to go so far as to offer including <a href="https://infosec.space/tags/dropbear" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dropbear</span></a> - <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> in the <a href="https://infosec.space/tags/initramfs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>initramfs</span></a> so one can boot into the encrypted install and unlock it remotely. Just gimme the blinking cursor at the boot asking me to enter the password for the encrypted partition...</li></ul>