Grub passwords don't protect against the attack I was thinking of, since you can just pop the drive + edit the grub config:
"Errors in creating a password-protected GRUB 2 menu may result in an unbootable system. To restore a system with broken passwords, access and edit the GRUB 2 configuration files using the LiveCD or another OS."
However, it didn't occur to me that you can just press "e" at the grub prompt, then modify the command line without physical access. "Trivial" indeed.
> since you can just pop the drive + edit the grub config
My current Secure Boot configuration only allows booting a signed GRUB EFI image which contains the configuration. Modifying it on disk would invalidate the signature, causing Secure Boot to fail. My `/boot` isn't encrypted, but each file that GRUB accesses (e.g. the initrd image, vmlinux, background.png...) also has a `.sig` file and GRUB refuses to load any unsigned (or invalid) resources. This means that GRUB doesn't need a password to get into the initrd, and I can just enter one password from in there.
Next, I'm considering tying user data decryption to login and allowing the root system to be unlocked by the TPM. It seems like a good compromise to me, as I don't keep persistent data on `/` anyways. The host SSH key will be there, but still protected by the TPM and the above chain.
Edit:
This would be better with aggressive measured boot parameters: I don't care about losing `/` to a temperamental TPM, and that SSH host key is otherwise somewhat vulnerable. I'll have to learn more about measured boot and PCR.
This is what I do for my laptop - I build a custom GRUB image which enforces GPG signatures (including on grub.cfg) using grub-mkstandalone. This also has a built-in configuration which enforces passwords for editing boot commands. That GRUB efi image is signed by a custom secure boot key which I enroll. Kernel and initrd are signed by the gpg key (and the kernel also has to be signed by the secure boot key otherwise it won't load in this scenario).
The root FS is then encrypted using clevis to lock to the TPM PCRs (only). I use PCRs 0,2,4,7 for this. So the laptop will boot to a login screen without needing a password.
My home directory is separately encrypted and gets unlocked with the login password using pam_zfs_key. It works pretty well and I'm happy with the security for my threat model (casual theft is really my main concern).
I am very aware that my home directory stays unlocked unless I actually power down the machine though.
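Skeleton of the signed-GRUB build described in the comment above, added here as an example and not taken from the commenter or from the GRUB project. The early config bakes in `check_signatures=enforce` plus a superuser password (so `e` and the command line need it), every file under `/boot` gets a detached `.sig`, and the image is signed with the enrolled Secure Boot key. Paths, key ids, the module list and the pbkdf2 hash are assumptions.

```sh
#!/bin/sh
# Assumed layout: /boot holds vmlinuz, initrd and grub/grub.cfg; $GPG_KEY,
# $SB_KEY, $SB_CERT and $PBKDF2_HASH are supplied by the operator.
set -eu

# Early config embedded in the standalone image. Files on the memdisk are not
# signature-checked, but everything loaded from disk (grub.cfg included) is.
# Menu entries in /boot/grub/grub.cfg need --unrestricted to boot unprompted.
make_embedded_cfg() {   # $1 = output line of grub-mkpasswd-pbkdf2
    cat <<EOF
set check_signatures=enforce
set superusers="root"
password_pbkdf2 root $1
export check_signatures superusers
search --no-floppy --file /grub/grub.cfg --set=root
configfile /grub/grub.cfg
EOF
}

# Print every file under $1 that lacks a detached .sig. With enforce on, a
# single unsigned file (font, module, background.png...) stops the boot.
find_unsigned() {
    find "$1" -type f ! -name '*.sig' | while read -r f; do
        [ -f "$f.sig" ] || echo "$f"
    done
}

# Detached-sign everything under $1 with GPG key $2; gpg writes file.sig.
sign_tree() {
    find "$1" -type f ! -name '*.sig' | while read -r f; do
        gpg --batch --yes --default-key "$2" --detach-sign "$f"
    done
}

# Build the standalone EFI image with the public key embedded, then sign the
# binary with the Secure Boot db key that was enrolled in firmware.
build_image() {
    gpg --export "$GPG_KEY" > /tmp/boot.pub
    make_embedded_cfg "$PBKDF2_HASH" > /tmp/early.cfg
    grub-mkstandalone -O x86_64-efi --pubkey=/tmp/boot.pub \
        --modules="part_gpt ext2 search configfile password_pbkdf2 linux gcry_sha256 gcry_rsa" \
        -o /tmp/grubx64.efi "boot/grub/grub.cfg=/tmp/early.cfg"
    sbsign --key "$SB_KEY" --cert "$SB_CERT" \
        --output /boot/efi/EFI/BOOT/BOOTX64.EFI /tmp/grubx64.efi
}

# Only touch the real system when explicitly asked; the functions above can
# be sourced and run against a scratch directory first.
if [ "${RUN_BUILD:-0}" = 1 ]; then
    sign_tree /boot "$GPG_KEY" && [ -z "$(find_unsigned /boot)" ] && build_image
fi
```

Re-run `find_unsigned /boot` after every kernel or initrd update; a package manager that drops a new file without its `.sig` is the usual way an enforcing GRUB ends up unbootable.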