@gsuberland @manawyrm @azonenberg @jik @zackwhittaker in an ideal world, the boot payload is checked by a secure enclave of your motherboard and if it doesn't look legit, it's refused, device doesn't boot and the secure enclave doesn't provide it's part of the decryption, meaning the data stay locked. Also, all data on disk would be backed up somewhere safe so it would be simply a matter of wiping the device clean and reinstalling.