Secure the boot proceedure
Created by: Torxed
https://wiki.archlinux.org/index.php/Dm-crypt/Specialties
This is IMO something the main line OS should take care of and enable more and more. But as things go, this is usually up to individual users and that's when things usually go wrong on a lager scale. So just like with the disk encryption, force (/make it an option to) enable certain security enhancing features such as boot verification etc:
-
Include dm-integrity (or dm-verify). -
Sign bootloaders if possible -
Enable 2FA for signin