@fiftyfourthparallel wrote:
someone needs extended physical access to your laptop.
AKA when it’s taken from you.
If your installation doesn’t/can’t have Anti Evil Maid, like most
people, your risk won’t be significantly higher or lower than
before.
That’s a different threat scenario. With attestation (Heads, AEM) you
detect modifications to your boot code. With encryption you want to
guarantee the confidentiality of your data.