Comment 15 for bug 1773457

> The point is to prevent people from getting your data if they steal your computer, not to prevent them from modifying the computer.

Sorry, no, that's not why I raised this bug report, Phillip. There definitely *is* a point in preventing someone from sneaking into your office (say, over the weekend), and loading malware in order to either modify or steal your data. This type of espionage does actually happen.

Full disk encryption prevents this, because I really don't think that you can load a virtual machine into the (at most) 400Kb of free space in the ESP and somehow transfer control to the ESP after you've done that. The alternative, leaving a USB stick in the machine and hoping that you won't notice a strange stick in your machine, is far too obvious to be effective.

Please, if you wish to continue this conversation further, please start something on the Ubuntu Forums and post the link here. I'll be happy to discuss it at length there, because this is taking it way off track on this bug report. The bug report is about converting the current halfway encryption method to a full encryption method, for all the right reasons. Just because someone "might" be able to load a virtual machine into the 400Kb of free ESP is hardly a reason to stick with the halfway method where someone definitely can load malware into the system.

Thank you