I had to boot my Librem 14 without my librem Key. Thoughts

I left my Librem key behind when I recently traveled. Tragedy tends to scramble thought processes.
In brief, I re-read instructions and asked mladen for help at support. I chose to “ignore warnings” and boot anyway, but I had to select the kernel with “recovery mode” and then just enter my disk encryption password at the red screen. Simple.
If you had told me this when I first bought the laptop and key I would have been shocked. The key is supposed to protect my laptop from all the bad guys, including the ones who might steal my laptop or execute an evil maid attack. But Librem key is primarily an integrity checker, giving the user some peace of mind about the authenticity of the boot code.
Except it can’t tell the difference between an evil change and a benign update change to these files. You have to guess whether your latest update changed your boot files and I’ve gotten good at that.
Still, I will continue to use the key as that is the way of the future and I hope at some point that hardware keys will be useful for all kinds of security, even though that is patchy and the new standard passwordless logon is flawed and other schemes are better.
Thanks for reading and your for your thoughts on the issue.

To be clear … “detect” not “prevent”.

2 Likes

“prevent”? Much less clear as I never said that.
And I negated what you quoted in the next sentence. So you missed my whole point.

1 Like

This makes it hard to tell what your point actually is.

3 Likes

Perhaps you might also be interested in Restricted Boot.

1 Like