Linux still needs some work in this space, we need full verified boot and ways to protect the boot partition against evil maid attacks. This is one major reason I haven’t been able to fully switch to Linux.

UEFI is the problem, we need coreboot!

Can someone ELI5? Do I have to do something when I just use FDE with a passphrase?

Interesting

Secure boot is very hard to get right. At Tue moment I would be hesitant to rely on it solely.