For those of you who are using Linux: Are you using secure boot? I.e. is your bootloader configured to only decrypt your disk and boot your OS, while blocking all “booting from USB stick” and such?
I’m asking because I’m considering a very specific attack vector, through which a sufficiently skilled agent (e.g. FBI, CIA) could install a keylogger into your OS and get access to your sensitive data that way, even when your disk is encrypted and without your knowledge.


That is a really interesting point, actually. I had not considered the option that attackers can actually just physically alter your device. Of course, if they install a keyboard sniffer, you’d never be able to detect that, and also they could read all the data. There’s no protection against that; once the device was in the hands of a (sufficiently skilled) attacker, you can’t trust it anymore, no matter what software you have/had installed.