Full disk encryption alone suffices against device theft, presuming the device is turned off. More complicated threat models like an evil-maid attack are much harder to defend against.
Secure boot, and temper-evident device seals, form the outline of a solution. As far as I know though, these are still far from foolproof. Really I would say defending from an evil maid attack is still an open problem.
Something very similar holds for theft of devices that are still on.
Secure boot, and temper-evident device seals, form the outline of a solution. As far as I know though, these are still far from foolproof. Really I would say defending from an evil maid attack is still an open problem.
Something very similar holds for theft of devices that are still on.