Sounds like a misnomer to me.
Cause there’s no user data stored on EFI, and saying “almost-full-disk-except-for-the-EFI-partition-encryption” is a bit cumbersome and, obviously, pedantic.
Sure, but unencrypted means it can be tampered with. The bootloader can be modified to write your password to disk and once you boot, submit that to a server somewhere - or worse.
There’s also PXE boot, secure boot, carrying around a live image on a flash drive, etc.
But any attacker advanced enough to tamper with your EFI partition in an evil-maid scenario has plenty of other options to log and steal your encryption passphrase, so it’s generally a moot point.
With that logic there’s no need to even encrypt your partitions 🤷
The “disk” in this terminology is actually referring to the partition, which is the active disk when an OS boots. Different partitions are treated as different disks, it’s not about the physical disk.
Say you have 2 drives: one could contain only unencrypted portions of boot information, and the second drive could only contain encrypted partitions.
Then it would meet your definition of how it should work by terminology 😂
There is full disk encryption on Tumbleweeds using TPM and systems boot. It encrypts the ESP (EFI) partition and you supply password or fido2 key to unlock boot loader and disk
That’s not what the question is asking…
True, other distros don’t have full disk encryption, they have partition encryption.
No, not what I’m saying. Any distro can do what you’re describing, they just don’t. It’s not proprietary technology or anything. I could go and make my LUKS whatever open with a key right now, it’s just problematic.
The OP wasn’t asking about any of this though, you’re just throwing your own unrelated “AKSHUALLY” nonsense into the thread. Question was asked and answered.
See ya.