I have seen a number of posts addressing security, but it is not conclusive to me that the following two issues are addressed. Could people share or discuss what they think about it?
Mender artifacts are signed, but not encrypted: This means that any attacker that manages to get hold of an artifact, maybe to perform usb update in emergency case, can open up the payload and take the content.
Encrypted partitions could work (if you have the key or a method), but has this been tested with mender? The most relevant reference I found was this https://hub.mender.io/t/how-to-configure-the-mender-to-use-dm-crypt-partitions-for-rootfs/1508.
Opinions are greatly appreciated!