I meant software attacks, if your hardware is compromised it’s pretty much already game over unless you use something esoteric like heads maybe

efi partition on a separate disk makes a lot of sense actually, imo the biggest point of fde is that your boot environment doesn’t get fucked with from outside your trusted os, so if you put your efi on a read only CD or something and lock your bios to boot into that, that can’t really be tampered with easily in software

ok imma drink 2L of bleach

wouldn’t the hardest part be figuring out what tar command to run?