For those of you who are using linux: Are you using secure boot? I.e. is your bootloader configured to only decrypt your disk and boot your OS, while blocking all “booting from USB stick” and such?
I’m asking because i’m considering a very specific attack vector, through which a sufficiently skilled agent (e.g. FBI, CIA) could install a keylogger into your OS and get access to your sensitive data that way, even when your disk is encrypted and without your knowledge.
No, everything I have is connected to the internet anyway so has far more easily compromised vectors. If I had any data sensitive enough I would not trust any security other than physical with it. I assume with physical access, a motivated enough attacker could gain access, there’s loopholes in everything.
So, if I had that sort of data, it would be on an offline machine, no wireless, never connected to a network. I would only trust it in so far as I could guarantee I am the only one who can access it.