[systemd-devel] How to factory reset?

[Tobias Hunger]

> If you're concerned about bootloader configuration modification as a
> threat vector, then it needs to go on an encrypted volume. This
> suggests an initial bootloader configuration that only enables the
> user to supply a passphrase/key file to unlock that volume, and then
> load a new bootloader configuration file.

I am still hoping secure boot and sd-boot will solve this issue
mid-term by making sure all the early boot components are signed
properly.

Let's wait and see.

Best Regards,
Tobias