And all the configuration which is not necessary for booting is stored on the (encrypted) disks only? Where is for an example the password to login stored? If that is stored on the usb flash drive, an attacker could manipulate it on the flash drive to login with a new password. If it's stored on the (encrypted) disks, how can i login before the disks are unlocked for which to do i would expect that i need to login first?