Am I theoretically compromising my security of my encrypted Linux install by dualbooting Windows with it?

How could windows misuse linux dual booting? Technically speaking. IF they were nefarious enough to attempt it. Could they feasibly pull this off?

Short answer: no, you’re not really compromising it that much

Long answer: Since you’re dual booting, I assume you’re using shim in your linux install for secure boot (you are using secure boot, right?). That means you’re trusting the MS secure boot certificates (the windows one and third-party one that shim is signed with), and there have been rootkits in the past (BlackLotus) that take advantage of the existing MS certs.

Windows itself could theoretically do the same things as a rootkit but realistically the most you’d have to worry about is windows updates sometimes nuking your bootloader from the EFI partition. Microsoft isn’t the kind of malicious that they’d try and get into linux users’ data through a rootkit. There’s no plausible reason to believe that would change either.

Is it “safer” to run only linux and with self-signed certs? sure, but you’re still stuck on the desktop security model regardless (which is Bad compared to mobile where verified boot is a thing)

3 Likes