Someone could install something on the unencrypted boot partition to leak the key the next time it gets used.
Would this not apply even if the unencrypted boot partition is on another physical drive? You still have to enter the passphrase into the prompt at boot. Wouldn’t a compromised boot partition be able to access the passphrase in memory at that time, and use that to access the key?
It would, but I assumed the idea was to have the external drive with you at all times so no one could tamper with it. Otherwise I don’t see the benefit; a permanently connected external drive may as well be internal.
Ohhhhhh, clever