ooterness

Now explain PartialEq, and why it's mandatory.

Doesn't the ESP32 module this project is using require the same thing?

It works for now on x86-64, yes. For now. As always, we are one "think of the children" crisis away from lobbyists taking that option away.

It's not for you, it's for them. Secure boot means it only runs their operating system, not yours. Trusted enclave means it secures their DRM-ware from tampering by the user who owns the PC.

SATA= Slow (Max 6 Gbps) PCIe = Fast (Max > 100 Gbps in theory)

This is the maximum rate from the drive to the motherboard. Many drives are fast enough that SATA works become the bottleneck. With PCIe, the drive can run at its full speed, whatever that may be.

Elerium-115?

Sadly, Firefox mobile got rid of about:config, and I can't find any relevant options in the regular settings.

You can disable this "feature":

1. Visit about:config

2. Set "dom.private-attribution.submission.enabled" to false

Sure, but there's still no excuse for "store the password in plaintext lol". Once you've got user access, files at rest are trivial to obtain.

You're proposing what amounts to a phishing attack, which is more effort, more time, and more risk. Anything that forces the attacker to do more work and have more chances to get noticed is a step in the right direction. Don't let perfect be the enemy of good.

No, defense in depth is still important.

It's true that full-disk encryption is useless against remote execution attacks, because the attacker is already inside that boundary. (i.e., As you say, the OS will helpfully decrypt the file for the attacker.)

However, it's still useful to have finer-grained encryption of specific files. (Preferably in addition to full-disk encryption, which remains useful against other attack vectors.) i.e., Prompt the user for a password when the program starts, decrypt the data, and hold it in RAM that's only accessible to that running process. This is more secure because the attacker must compromise additional barriers. Physical access is harder than remote execution with root, which is harder than remote execution in general.

UTC is better than most, but leap seconds are still awful. Computers should use GPS or TAI everywhere. Dealing with time zones and leap seconds is for human readability and display purposes only.

Full disk encryption doesn't help with this threat model at all. A rogue program running on the same machine can still access all the files.