  • TPM & secure boot. Look into sbctl for secure boot if you’re not on something that uses the signed shim like Ubuntu. I know some hate secure boot but storing the unlock key in TPM is at least much more secure than having the key sitting on a USB drive.

    Tang - network-based unlock. If you have a separate Raspberry Pi or something you can set it up as a Tang server. You’ll want that thing encrypted too; you can set that up to require manual unlock so if someone boosts your servers the Tang server never comes up, and the storage server won’t either.

    Or just manually unlock the server with a password every boot?

    That’s roughly my prioritized/preferred list