For those of you who are using linux: Are you using secure boot? I.e. is your bootloader configured to only decrypt your disk and boot your OS, while blocking all “booting from USB stick” and such?
I’m asking because i’m considering a very specific attack vector, through which a sufficiently skilled agent (e.g. FBI, CIA) could install a keylogger into your OS and get access to your sensitive data that way, even when your disk is encrypted and without your knowledge.
Configured it successfully on my Laptop, then bricked my PCs MB trying to configure it on that. Never tried again. After all, it only works for you if you trust the closed source UEFI anyway. If you want actual security, desolder the flash chip